Mailinglist Archive: opensuse-bugs (8114 mails)

[Bug 246969] New: gnucash temp race problem
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 20 Feb 2007 08:54:13 -0700 (MST)
  • Message-id: <bug-246969-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=246969

Summary: gnucash temp race problem
Product: openSUSE 10.3
Version: Alpha 1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
AssignedTo: bnc-team-gnome@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: meissner@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx


To: coley@xxxxxxxxx
Cc: vendor-sec@xxxxxx
From: Josh Bressers <bressers@xxxxxxxxxx>
Subject: [vendor-sec] gnucash temporary file flaw
Errors-To: vendor-sec-admin@xxxxxx
Date: Mon, 19 Feb 2007 11:31:58 -0500

Hi Steve,

I just noticed that a GnuCash temporary file flaw went public today:
http://secunia.com/advisories/24225/

I assigned CVE-2007-0007 to this some time ago:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233

Sorry for not alerting everyone else earlier.

======================================================
Name: CVE-2007-0007
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0007
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233
Reference: SECUNIA:24225
Reference: URL:http://secunia.com/advisories/24225

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary
files via a symlink attack on the (1) gnucash.trace, (2) qof.trace,
and (3) qof.trace.[PID] temporary files.


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
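
The symlink problem named in the CVE text above, shown as an added C example; it is not GnuCash code and not part of the original mail. The function names, the ledger.dat file and the mkdtemp() directory are assumptions made for the demonstration, since the mail does not say how or where the trace files are opened.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a fixed name opened with O_TRUNC follows a symlink that
 * is already sitting at that name and empties whatever it points to. */
int open_trace_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_EXCL makes creation fail if anything, including a
 * symlink, already exists at the name; O_NOFOLLOW is defence in depth. */
int open_trace_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: a file holding
 * 6 bytes and a pre-existing symlink named gnucash.trace that points at
 * it. Returns the data file's size after the chosen opener has run, or
 * -1 on setup failure; *fd_out receives the opener's return value. */
long run_scenario(int (*opener)(const char *), int *fd_out)
{
    char dir[] = "/tmp/trace-demo-XXXXXX";
    char data[64], trace[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(data, sizeof data, "%s/ledger.dat", dir);
    snprintf(trace, sizeof trace, "%s/gnucash.trace", dir);
    FILE *f = fopen(data, "w");
    if (!f) return -1;
    fputs("ledger", f);
    fclose(f);
    if (symlink(data, trace) != 0) return -1;
    *fd_out = opener(trace);
    if (*fd_out >= 0) close(*fd_out);
    struct stat st;
    long size = stat(data, &st) == 0 ? (long)st.st_size : -1;
    unlink(trace); unlink(data); rmdir(dir);
    return size;
}
```

With the weak opener the data file ends up empty; with the hardened opener the open fails and the file keeps its 6 bytes. A caller of the hardened opener should treat that failure as an error rather than retrying with a laxer mode.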
