oss-security April 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] wafp insecure temporary directory

[oss-security] wafp insecure temporary directory

From: Henri Salo <henri_at_nospam>
Date: Tue Apr 27 2010 - 15:41:22 GMT
To: cert@cert.org, "Steven M. Christey" <coley@linus.mitre.org>

Wafp creates a temporary directory to predictable path and name. This
allows a local attacker to create a denial of service condition and
discloses sensitive information to unprivileged users. This also reduces
usability of this software, because one can't run more than one wafp-
instances at the same time. This issue can also be leveraged to delete
arbitrary files or directories via a symlink attack.

I notified the project:

Can I get CVE-identifier for this issue?

--- Henri Salo