FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5039ae61-2c9f-11db-8401-000ae42e9b93	globus -- Multiple tmpfile races The Globus Alliance reports: The proxy generation tool (grid-proxy-init) creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The checks to ensure this file is accessible only to the owner take place using the filename after the file is opened for writing, but before any data is written. Various components of the toolkit use files in shared directories to store information, some being sensitive information. For example, the tool to create proxy certificates, stores the generated proxy certificate by default in /tmp. Specific vulnerabilities in handling such files were reported in myproxy-admin-adduser, grid-ca-sign and grid-security-config. Discovery 2006-08-08 Entry 2006-08-15 Modified 2010-05-12 globus < 4.0.2_20060706 CVE-2006-4232 CVE-2006-4233 http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html

VuXML ID

Description

5039ae61-2c9f-11db-8401-000ae42e9b93

globus -- Multiple tmpfile races

The Globus Alliance reports:

The proxy generation tool (grid-proxy-init) creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The checks to ensure this file is accessible only to the owner take place using the filename after the file is opened for writing, but before any data is written.

Various components of the toolkit use files in shared directories to store information, some being sensitive information. For example, the tool to create proxy certificates, stores the generated proxy certificate by default in /tmp. Specific vulnerabilities in handling such files were reported in myproxy-admin-adduser, grid-ca-sign and grid-security-config.

Discovery 2006-08-08
Entry 2006-08-15
Modified 2010-05-12
globus

< 4.0.2_20060706

CVE-2006-4232
CVE-2006-4233
http://www.globus.org/mail_archive/security-announce/2006/08/msg00000.html
http://www.globus.org/mail_archive/security-announce/2006/08/msg00001.html