|Main Archive Page > Month Archives > oss-security archives|
Wafp creates a temporary directory to predictable path and name. This
allows a local attacker to create a denial of service condition and
discloses sensitive information to unprivileged users. This also reduces
usability of this software, because one can't run more than one wafp-
instances at the same time. This issue can also be leveraged to delete
arbitrary files or directories via a symlink attack.
I notified the project:
Can I get CVE-identifier for this issue?
--- Henri Salo