[Secure-testing-team] Bug#760709: /tmp file vulnerability in generate_doxygen.pl
Helmut Grohne
helmut at subdivi.de
Sun Sep 7 06:23:35 UTC 2014
Package: src:ace
Version: 6.2.7+dfsg-1
Severity: grave
Tags: security
bin/generate_doxygen.pl line 177 says:
| my $output = "/tmp/".$i.".".$$.".doxygen";
The filename used is predictable and thus allows elevating privileges to
the user running the build.
Unless there is an independent discovery, this is the initial public
disclosure of this vulnerability.
Helmut
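
Added example, not part of the original report or of ACE's code: the naming pattern from the reported line next to one way to create the file safely with Perl's core File::Temp module. The helper names and the input name "example" are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Pattern from the report: the name is built from the input name and the PID,
# both guessable, inside a shared world-writable directory. Any other local
# user can create that path first, and a later plain open() will use it.
sub predictable_output_name {
    my ($i) = @_;
    return "/tmp/" . $i . "." . $$ . ".doxygen";
}

# Hardened form (hypothetical helper name): File::Temp picks a random name and
# creates the file with O_CREAT|O_EXCL and mode 0600, so a path that already
# exists makes the open fail and a new name is tried instead of being reused.
sub create_private_output {
    my ($i) = @_;
    (my $safe = $i) =~ s/[^A-Za-z0-9_.-]/_/g;   # keep path separators out of the template
    my ($fh, $path) = tempfile(
        "$safe.XXXXXXXXXX",
        SUFFIX => ".doxygen",
        TMPDIR => 1,    # honours $TMPDIR, falls back to the system temp dir
        UNLINK => 1,    # file is removed when the program exits
    );
    return ($fh, $path);
}

# Constructed demonstration input; "example" is not a name taken from ACE.
my ($fh, $path) = create_private_output("example");
print {$fh} "# constructed placeholder for the generated doxygen config\n";
close($fh) or die "close $path: $!";
printf "old scheme: %s\nnew scheme: %s (mode %04o)\n",
    predictable_output_name("example"), $path, (stat $path)[2] & 07777;
```

The caller should write through the returned handle rather than reopening the path by name, since reopening reintroduces a window between name selection and use.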