Mailinglist Archive: opensuse-bugs (8114 mails)

< Previous Next >
[Bug 246969] New: gnucash temp race problem
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 20 Feb 2007 08:54:13 -0700 (MST)
  • Message-id: <bug-246969-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>

Summary: gnucash temp race problem
Product: openSUSE 10.3
Version: Alpha 1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
AssignedTo: bnc-team-gnome@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: meissner@xxxxxxxxxx
QAContact: qa@xxxxxxx
CC: security-team@xxxxxxx

To: coley@xxxxxxxxx
Cc: vendor-sec@xxxxxx
From: Josh Bressers <bressers@xxxxxxxxxx>
Subject: [vendor-sec] gnucash temporary file flaw
Errors-To: vendor-sec-admin@xxxxxx
Date: Mon, 19 Feb 2007 11:31:58 -0500

Hi Steve,

I just noticed that a GnuCash temporary file flaw went public today:

I assigned CVE-2007-0007 to this some time ago:

Sorry for not alerting everyone else earlier.

Name: CVE-2007-0007
Status: Candidate
Reference: CONFIRM:
Reference: SECUNIA:24225
Reference: URL:

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary
files via a symlink attack on the (1) gnucash.trace, (2) qof.trace,
and (3) qof.trace.[PID] temporary files.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

< Previous Next >