http://bugzilla.novell.com/show_bug.cgi?id=516457 Summary: Contrib: fwbuilder tmp race Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: joop_boonen@web.de ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: security-team@suse.de Found By: --- CVE-2008-4956 fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. References Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. MLIST:[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire URL:http://www.openwall.com/lists/oss-security/2008/10/30/2 CONFIRM:http://bugs.debian.org/496406 CONFIRM:http://dev.gentoo.org/~rbu/security/debiantemp/fwbuilder CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=235770 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=235809 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.