First published: Fri Jan 16 2015
Kurt Seifried of Red Hat Product Security reports:

There are several temporary file creation vulnerabilities:

In the file ./389-admin-1.1.36/admserv/newinst/src/AdminServer.pm.in

    my $secfile_backup_dir = "/tmp/adm-sec-files." . $$;

and in the file: ./389-admin-1.1.36/lib/libadmin/httpcon.c

    char *dbd = "/tmp/http_trace.%d";

The Perl code should use mkstemp() and the C code should use mkstemp(). These issues are only locally exploitable and require administrative action in order to exploit.
Credit: secalert@redhat.com
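
The following C sketch is an added example, not code from 389-admin or from the report: it shows the `mkstemp()` replacement the report recommends for the `/tmp/http_trace.%d` name, next to an exclusive-create fallback for cases where a fixed name has to stay. The function names and the `dir` parameter are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* If a fixed name must stay, create it exclusively: fail on any existing
 * file or symlink at that path instead of opening it. */
int open_trace_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* What the report asks for: mkstemp() chooses an unpredictable suffix and
 * creates the file atomically with mode 0600. path_out receives the name. */
int open_trace_mkstemp(char *path_out, size_t len, const char *dir) {
    int n = snprintf(path_out, len, "%s/http_trace.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;
    return mkstemp(path_out);
}

/* Constructed check: a file already present at the PID-based name from the
 * report is refused with EEXIST rather than reused. */
int preexisting_is_refused(const char *dir) {
    char path[256];
    snprintf(path, sizeof path, "%s/http_trace.%d", dir, (int)getpid());
    int planted = open(path, O_WRONLY | O_CREAT, 0644); /* stand-in file */
    if (planted < 0) return -1;
    close(planted);
    int fd = open_trace_excl(path);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(path);
    return refused;
}

/* Constructed check: the mkstemp() result is a regular file with no
 * group or other permission bits. */
int mkstemp_is_private(const char *dir) {
    char path[256];
    struct stat st;
    int fd = open_trace_mkstemp(path, sizeof path, dir);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    close(fd);
    unlink(path);
    return ok;
}
```

The Perl line in the report creates a directory rather than a file, so the corresponding fix there would be a directory-creating call such as `File::Temp`'s `tempdir()`; that is an editorial observation, not part of the report.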
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject 389 Administration Server | <=1.1.37 |