diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-07-08 21:03:14 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-07-08 21:03:14 +0000 |
commit | 81b2a86d1817622d4142d087dd18931aa660ea50 (patch) | |
tree | a48bf1e6565578c382417167cb1813a16dbf7dbb /security/vuxml/vuln.xml | |
parent | cd3d9e6455e2dd75b37d8e28d8502b20fd4e7eae (diff) | |
download | ports-81b2a86d1817622d4142d087dd18931aa660ea50.tar.gz ports-81b2a86d1817622d4142d087dd18931aa660ea50.zip |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 582fae95d06e..ba0caefc129b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,35 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9a035a56-eff0-11d9-8310-0001020eed82"> + <topic>ekg -- insecure temporary file creation</topic> + <affects> + <package> + <name>pl-ekg</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Eric Romang reports that ekg creates temporary files in an + insecure manner. This can be exploited by an attacker using + a symlink attack to overwrite arbitrary files and possibly + execute arbitrary commands with the permissions of the user + running ekg.</p> + </body> + </description> + <references> + <bid>14146</bid> + <cvename>CAN-2005-1916</cvename> + <mlist msgid="42CA2DDB.5030606@zataz.net">http://marc.theaimsgroup.com/?l=bugtraq&m=112060146011122</mlist> + <url>http://bugs.gentoo.org/show_bug.cgi?id=94172</url> + </references> + <dates> + <discovery>2005-07-05</discovery> + <entry>2005-07-08</entry> + </dates> + </vuln> + <vuln vid="6e33f4ab-efed-11d9-8310-0001020eed82"> <topic>bugzilla -- multiple vulnerabilities</topic> <affects> |