[asterisk-bugs] [Zaptel 0005181]: [patch] insecure temporary file creation in fxotune
noreply at bugs.digium.com
noreply at bugs.digium.com
Sat Jun 7 11:03:40 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=5181
======================================================================
Reported By: tzafrir
Assigned To: kpfleming
======================================================================
Project: Zaptel
Issue ID: 5181
Category: Utilities
Reproducibility: always
Severity: trivial
Priority: normal
Status: closed
Zaptel Version: 1.2.0-beta1
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: Yes
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 09-10-2005 12:31 CDT
Last Modified: 06-07-2008 11:03 CDT
======================================================================
Summary: [patch] insecure temporary file creation in fxotune
Description:
fxotune creates the temporary file /tmp/fxotune.vals when run in detect
mode (-i). This exposes it to symlinks attack.
Not a big threat, but then again, very simple to fix. Patch is attached.
This is untested as I don't have the hardware.
======================================================================
----------------------------------------------------------------------
svnbot - 06-07-08 11:03
----------------------------------------------------------------------
Repository: dahdi
Revision: 764
U trunk/fxotune.c
------------------------------------------------------------------------
r764 | kpfleming | 2008-06-07 11:03:37 -0500 (Sat, 07 Jun 2008) | 2 lines
create temp file safely (issue http://bugs.digium.com/view.php?id=5181)
------------------------------------------------------------------------
http://svn.digium.com/view/dahdi?view=rev&revision=764
Issue History
Date Modified Username Field Change
======================================================================
06-07-08 11:03 svnbot Note Added: 0088064
======================================================================
More information about the asterisk-bugs
mailing list