tags #321446 committed pending
thanks
On Fri, Aug 05, 2005 at 05:36:56PM +0200, Javier Fernández-Sanguino Peña wrote:
> The attached patch is an attempt to fix this behaviour using the
> mktemp tool.
Committed to svn, thanks.
Greetings
Marc
--
--
Package: clamav-getfiles
Version: 0.4-2
Priority: important
Tags: security
The clamav-getfiles script is vulnerable to symlink attacks since it
creates a temporary file in an insecure manner (the process PID is not
suffient to avoid an attack) and does not check if the temporary file
exists befor
2 matches
Mail list logo
