Информационная безопасность
[RU] switch to English


Проблема символьных линков в GNU Emacs
Опубликовано:10 мая 2014 г.
Источник:
SecurityVulns ID:13765
Тип:локальная
Уровень опасности:
5/10
Описание:Проблема символьных линков при создании временных файлов.
Затронутые продукты:NCSA : Mosaic 2.1
 GNU : Emacs 24.3
CVE:CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.)
 CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.)
 CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.)
 CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.)
 CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.)
 CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.)
Оригинальный текстdocumentSteve Kemp, [oss-security] CVE Request - Predictable temporary filenames in GNU Emacs (10.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород