author | Brooks Davis <brooks@FreeBSD.org> | 2006-08-15 21:09:15 +0000 |
---|---|---|
committer | Brooks Davis <brooks@FreeBSD.org> | 2006-08-15 21:09:15 +0000 |
commit | ff607e4face44365e2fe56e16393fc70907a6b82 (patch) | |
tree | d597d43e38db2e0a7d748f1058bdf854da0e0d94 /security | |
parent | ce70032afda1114800b30eb06f3bc0fbf83e6245 (diff) | |
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 53299cfc16d7..1f8e045d58d6 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -34,6 +34,48 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="5039ae61-2c9f-11db-8401-000ae42e9b93"> + <topic>globus -- Multiple tmpfile races</topic> + <affects> + <package> + <name>globus</name> + <range><lt>4.0.2_20060706</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Globus Alliance reports:</p> + <blockquote cite="http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html"> + <p>The proxy generation tool (grid-proxy-init) creates the + file, secures the file to provide access only to owner and + writes proxy to the file. A race condition exists between + the opening of the proxy credentials file, and making sure + it is safe file to write to. The checks to ensure this + file is accessible only to the owner take place using the + filename after the file is opened for writing, but before + any data is written.</p> + </blockquote> + <blockquote cite="http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html"> + <p>Various components of the toolkit use files in shared + directories to store information, some being sensitive + information. For example, the tool to create proxy + certificates, stores the generated proxy certificate by + default in /tmp. Specific vulnerabilities in handling such + files were reported in myproxy-admin-adduser, grid-ca-sign + and grid-security-config.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html</url> + <url>http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html</url> + </references> + <dates> + <discovery>2006-08-08</discovery> + <entry>2006-08-15</entry> + </dates> + </vuln> + <vuln vid="9dda3ff1-2b02-11db-a6e2-000e0c2e438a"> <topic>x11vnc -- authentication bypass vulnerability</topic> <affects> |
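Review bot: The <references> block of the new globus entry carries only the two advisory <url> elements; if CVE names have been assigned to these two advisories, add them as <cvename> elements so the entry can be matched by identifier as well as by URL. In <range>, please confirm that 4.0.2_20060706 is the exact version string of the first fixed globus package, since the <lt> bound alone decides which installed versions get flagged. The second quoted advisory names myproxy-admin-adduser, grid-ca-sign and grid-security-config, while <affects> lists a single package, so it is worth checking that all of those tools ship in the globus package. Minor style point: the <topic> capitalises "Multiple", whereas the neighbouring x11vnc entry uses lower case after the "--".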