Summary: | dev-util/cvs temp file issues | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cvs-utils+obsolete |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366 | ||
Whiteboard: | B3? [noglsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-24 22:02:05 UTC
*** Bug 103303 has been marked as a duplicate of this bug. ***

cvs-utils please verify and bump as needed.

in cvs now.

stable on ppc64

Stable on x86.

sparc stable.

Stable on hppa

Stable on ppc.

Stable on the shiny alpha architecture :) Cheers, Ferdy

Stable on amd64 - sorry about the delay.

CAN-2005-2693 "It is possible that a malicious user could leverage this issue to execute arbitrary instructions as the user running cvsbug."

Time to vote, I tend to vote yes (more impact than just overwriting a file with garbage, though cvsbug use is a little unlikely).

vote NO, difficult to exploit. impossible to predict when someone is going to run cvsbug, and even if you could social engineer a situation when you knew the precise time that someone was going to execute it and convince them that they had found a bug that needed to be reported, you still need to win a race condition.

I tend to vote NO.

Reversing YES to NO, and closing.

Stable on mips.