insecure temporary file creation in kdelibs 3.3.2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: insecure temporary file creation in kdelibs 3.3.2
From: Davide Madrisan <davide.madrisan@xxxxxxxxxx>
Date: Fri, 11 Feb 2005 09:16:38 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: QiNet s.r.l.
User-agent: KMail/1.7.2

The `dcopidlng' script in the KDE library package 
(kdelibs-3.3.2/dcop/dcopidlng/dcopidlng)
creates temporary files in a unsecure manner.

This bug has been fixed in 32 minutes (!) by Stephan Kulow, the KDE team 
leader. Here you can found the official patch:
http://bugs.kde.org/show_bug.cgi?id=97608

Note: This bug has been find by `autospec', the work-in-progress tool used by 
the QiLinux team to (semi)automatically create specfiles from tarballs and 
update/check rpm packages. It's released under GPL and not QiLinux specific.
The latest release can be found at the URL:
ftp://ftp.qilinux.it/pub/QiLinux/devel/tools/autospec/

#include <best/regards.h>
---
Davide Madrisan
QiLinux Security Team Leader
PGP keyID: 4B72B0B9 fp: 2B79 BFF1 EE33 EE8C 3258 E43C CDA8 EFF3 4B72 B0B9
PGP public key: <http://pgp.mit.edu/>
http://www.qilinux.it

Attachment: pgpd43Ij8HE4h.pgp
Description: PGP signature

Prev by Date: [SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities
Next by Date: Re: Symantec UPX Parsing Engine Heap Overflow
Previous by thread: [SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities
Next by thread: [SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root
Index(es):
- Date
- Thread