[Bug 516450] New: bacula temp race?
http://bugzilla.novell.com/show_bug.cgi?id=516450 Summary: bacula temp race? Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: anicka@novell.com ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: security-team@suse.de Found By: Security Response Team CVE-2008-5373 mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. References Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. MLIST:[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages URL:http://lists.debian.org/debian-devel/2008/08/msg00347.html MISC:http://uvw.ru/report.sid.txt -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=516450
Anna Bernathova
http://bugzilla.novell.com/show_bug.cgi?id=516450
User anicka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=516450#c1
Anna Bernathova
http://bugzilla.novell.com/show_bug.cgi?id=516450
User thomas@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=516450#c2
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=516450
User anicka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=516450#c3
--- Comment #3 from Anna Bernathova
http://bugzilla.novell.com/show_bug.cgi?id=516450
User anicka@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=516450#c4
Anna Bernathova
http://bugzilla.novell.com/show_bug.cgi?id=516450
User thomas@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=516450#c5
Thomas Biege
participants (1)
-
bugzilla_noreply@novell.com