Summary: VUL-0: arc insecure temp file creation
Product: [openSUSE] SUSE Linux 10.1
Reporter: Thomas Biege <thomas>
Component: Other
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: patch-request, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: All
Whiteboard: CVE-2005-2992: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: patch.CAN-2005-2945.arc

Hello,
I have some bugs for you.

-----------------------------------------------------------------------
Two vulnerabilities have been discovered in the ARC archive program under Unix. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-2945
    Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information.

CAN-2005-2992
    Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.
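
The two defect classes named in the report, shown as an added C illustration that is not arc's source and not part of the original report: a temp file opened by a predictable name with umask-dependent permissions, beside a creation routine that closes both issues. The function names `open_temp_weak`, `open_temp_safe` and `mode_of` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (illustrative, not arc's code): the caller supplies a
 * predictable name, open() without O_EXCL follows an existing symlink,
 * and the final mode is 0666 minus the umask (0644 under the common 022). */
int open_temp_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened pattern: mkstemp() generates an unpredictable name, creates it
 * with O_CREAT|O_EXCL so an existing file or symlink is never reused, and
 * uses mode 0600. `tmpl` must end in "XXXXXX" and is rewritten in place. */
int open_temp_safe(char *tmpl)
{
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    /* Check the object we hold: regular file, owned by us, and no
     * group/other permission bits. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

/* Permission bits of `path`, or -1 if it cannot be stat()ed. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```
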