Bug 136304 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
Summary: CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Whiteboard: public=20040930,impact=low
Keywords: Security
Depends On:
Blocks: 132991
TreeView+ depends on / blocked
Reported: 2004-10-19 09:50 UTC by Mark J. Cox
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2005-01-19 18:51:45 UTC

Attachments (Terms of Use)
proposed patch (1.35 KB, patch)
2004-10-19 09:50 UTC, Mark J. Cox
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:012 normal SHIPPED_LIVE Moderate: krb5 security update 2005-01-19 05:00:00 UTC

Description Mark J. Cox 2004-10-19 09:50:03 UTC
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec.  After some refinement these were
made public on Sep30.  These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.

Temporary file vulnerability in krb5-send-pr script.  Patch attached.  

                Affects: RHEL3
                Affects: RHEL2.1

Comment 1 Mark J. Cox 2004-10-19 09:50:26 UTC
Created attachment 105432 [details]
proposed patch

Comment 4 Josh Bressers 2005-01-19 18:51:45 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.