[Bug 1267962] New: perl-IPTables-Parse: Use of predictable names for temporary files
bugzilla at redhat.com
bugzilla at redhat.com
Thu Oct 1 13:14:22 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1267962
Bug ID: 1267962
Summary: perl-IPTables-Parse: Use of predictable names for
temporary files
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team at redhat.com
Reporter: amaris at redhat.com
CC: mitr at redhat.com, perl-devel at lists.fedoraproject.org,
tremble at tremble.org.uk
A vulnerability in perl-IPTables-Parse was found, when using predictable file
names for its temporary files. This vulnerability allows attacker on a
multi-user system to set up symlinks to overwrite any file the current user has
write access to.
Note that perl-IPTables-Parse is also used by fwsnort and
perl-IPTables-ChainMgr, which is used by psad.
Upstream patch:
https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list