List: oss-security
Subject: Re: [oss-security] wafp insecure temporary directory
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-04-28 0:13:37
Message-ID: 1626485214.2005361272413617045.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
----- "Henri Salo" <henri@nerv.fi> wrote:
> Wafp creates a temporary directory at a predictable path and name. This
> allows a local attacker to create a denial of service condition and
> discloses sensitive information to unprivileged users. This also reduces
> usability of this software, because one can't run more than one wafp
> instance at the same time. This issue can also be leveraged to delete
> arbitrary files or directories via a symlink attack.
>
> I notified the project:
> http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8
>
> Can I get a CVE identifier for this issue?
>
Please use CVE-2010-1438.
Thanks.
--
JB
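
Added example, not part of the original thread and not wafp's own code: a Ruby sketch of the mitigation for the issue reported above, creating an unpredictable, owner-only work directory and refusing to clean up anything that is a symlink or not privately owned. The directory name `wafp-work` and all helper names are hypothetical.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical fixed location, standing in for any predictable temp path.
def predictable_workdir(base)
  File.join(base, 'wafp-work')
end

# Decide whether an existing path may be used as a private work directory.
# lstat does not follow symlinks, so a planted link is seen as a link.
def safe_private_dir?(path)
  st = File.lstat(path)
  return false if st.symlink?
  return false unless st.directory?
  return false unless st.uid == Process.euid
  (st.mode & 0o077).zero? # no group/other access
rescue Errno::ENOENT
  false
end

# Create a fresh directory with an unpredictable name and mode 0700.
# Each call yields a new directory, so several instances can run at once.
def private_workdir(base = Dir.tmpdir)
  Dir.mktmpdir('wafp-', base)
end

# Remove a work directory only if it passes the safety check, so cleanup
# never follows a link into files that belong to someone else.
def cleanup_workdir(path)
  return false unless safe_private_dir?(path)
  FileUtils.remove_entry_secure(path)
  true
end
```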