Fedora 15 : fail2ban-0.8.4-27.fc15 (2011-5135)

fail2ban used predictable /tmp files which a local user can allocate before fail2ban does. All tmp files have been moved to /var/lib/fail2ban. This also helps with selinux policies. Another security related fix is that fail2ban defaulted to gamin which conflicts with selinux, so users had to...

DEBIAN-CVE-2011-1675

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMITFSIZE value, a related issue to CVE-2011-1089...

policycoreutils: insecure temporary directory handling in seunshare

The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...

Fedora 14 : policycoreutils-2.0.85-19.fc14 (2011-3043)

This fixes the problem with seunshare causing applications to mistakenly use the /tmp directory in an unsafe manner. CVE-2011-1011 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

Red Hat Linux stickiness of /tmp

Exploit for linux platform in category dos / poc Developers should not rely on the stickiness of /tmp on Red Hat Linux --------------------------------------------------------------------- Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utility from...

CVE-2011-0702

The fehuniquefilename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh temporary file...

CVE-2011-0702

The fehuniquefilename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh temporary file...

SuSE 10 Security Update : valgrind (ZYPP Patch Number 5803)

valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file a world-writable directory such as /tmp and influence other users' valgrind when it's executed there. CVE-2008-4865 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...

CVE-2010-4337

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/gnash-configure-errors.$$, 2 /tmp/gnash-configure-warnings.$$, or 3 /tmp/gnash-configure-recommended.$$ files...

CVE-2010-4337

Removed by vendor...

CVE-2011-0401

Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service inode consumption by establishing many sessions...

CVE-2010-4173

The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a 1 symlink or 2 hard link attack on the libsdp.log. temporary file...

CVE-2010-1693

openibd in OpenFabrics Enterprise Distribution OFED 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ibsetnodedesc.sh temporary file...

CVE-2010-3264

The engine installer in Novell Identity Manager aka IDM 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file...

Design/Logic Flaw

The engine installer in Novell Identity Manager aka IDM 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file...

CVE-2010-3264

The CVE-2010-3264 entry affects Novell Identity Manager (IDM) 3.6.1: the engine installer writes admin tree credentials to /tmp/idmInstall.log, exposing sensitive information to any local user who reads that file. This is a local-privilege-exposure issue rooted in the installer’s handling of cred...

Fedora 12 : gource-0.24-3.fc12 (2010-6766)

Randomize name for files created in /tmp Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 13 : gource-0.24-3.fc13 (2010-6703)

Randomize name for files created in /tmp Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

CVE-2010-2024

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/...

Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes)

Linux/x86 - rmdir/tmp/willdeleted Shellcode 41 bytes. Shellcode exploit for Linuxx86 platform / Name : 41 bytes sysrmdir"/tmp/willdeleted" x86 linux shellcode Date : may, 31 2010 Author : gunslinger Web : devilzc0de.com blog : gunslingerc0de.wordpress.com tested on : linux debian...