Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

psub and funced don't protect tempfiles (CVE-2014-2906 and CVE-2014-3856) #1437

Closed
zanchey opened this issue Apr 28, 2014 · 0 comments
Closed

psub and funced don't protect tempfiles (CVE-2014-2906 and CVE-2014-3856) #1437

zanchey opened this issue Apr 28, 2014 · 0 comments
Assignees
Milestone

Comments

@zanchey
Copy link
Member

@zanchey zanchey commented Apr 28, 2014

psub and funced both create temporary files using reasonably predictable names and are vulnerable to a race condition.

For funced, the file is sourced directly, allowing privilege escalation (CVE-2014-3856).

For psub, the file is given as an argument to other programs, allowing incorrect input to these programs (CVE-2014-2906).

@zanchey zanchey closed this in 55bc416 Apr 28, 2014
@zanchey zanchey added this to the 2.1.1 milestone Apr 29, 2014
@zanchey zanchey self-assigned this Sep 1, 2014
@zanchey zanchey changed the title psub and funced don't protect tempfiles (CVE-2014-2906) psub and funced don't protect tempfiles (CVE-2014-2906 and CVE-2014-3856) Sep 26, 2014
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant