similar to: ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket

2007 Oct 23
0
Bug#447795: xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file access
Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. skx
2012 Jun 14
0
FYI: CVE-2012-2690: virt-edit / guestfish edit didn't preserve permissions on edited files.
Old versions of both virt-edit and the guestfish "edit" command created a new file containing the changes but did not set the permissions, etc of the new file to match the old one. The result of this was that if you edited a security sensitive file such as "/etc/shadow" then it would be left world-readable after the edit. This issue was assigned CVE-2012-2690, and is fixed in
2011 Oct 27
0
[ANNOUNCE] libguestfs 1.14 released - tools for managing virtual machines and disk images
libguestfs is a library and a set of tools for reading, writing, managing, inspecting, rescuing, resizing and aligning disk images, and offline and live virtual machines. I'm pleased to announce the release of libguestfs 1.14, the next stable release of libguestfs. There are many changes and new features in this release -- see below. You can get source and binaries from the website:
2001 Mar 14
0
[RHSA-2001:027-02] Updated sgml-tools packages fix insecure temporary file handling
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated sgml-tools packages fix insecure temporary file handling Advisory ID: RHSA-2001:027-02 Issue date: 2001-03-09 Updated on: 2001-03-14 Product: Red Hat Linux Keywords: sgml-tools /tmp tempfile Cross
2014 Sep 23
0
[PATCH 13/13] syntax-check: fix trailing_blank check
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> --- builder/website/debian.preseed | 2 +- builder/website/index | 120 +++++----- builder/website/index.asc | 120 +++++----- customize/customize_run.mli | 2 +- daemon/mount.c | 2 +- fish/test-file-attrs.sh | 10 +- generator/c.ml | 2 +- guestfs-release-notes.txt | 520
2010 Oct 21
2
[PATCH 0/2] First part of fix for CVE-2010-3851
These two patches implement the first (and hardest) part of the fix for CVE-2010-3851. This adds a way to specify the format when adding a drive, avoiding qemu's auto-detection. In order to avoid an explosion of different add_drive_* functions (we have 4 already), we have implemented a way to specify optional arguments to functions, so all we need is a single new 'add_drive_opts'
2010 Oct 22
8
[PATCH 0/8 v2] Complete fix for CVE-2010-3851.
1/8 generator: Rearrange argt logically (RHBZ#642934,CVE-2010-3851). 2/8 generator: Optional arguments, add-drive-opts (RHBZ#642934,CVE-2010-3851). These two previously posted. 3/8 fish: Specify format of disks (RHBZ#642934,CVE-2010-3851). Updates to guestfish to add the --format option and to make -d copy the format from libvirt. 4/8 fuse: Specify format of disks (RHBZ#642934,CVE-2010-3851).
2018 Jun 15
1
[PATCH v2] lib: Convert all drive socket parameters to an absolute path (RHBZ#1588451).
Also fix two tests which assumed that you could add a non-existent socket. --- fish/test-add-uri.sh | 16 ++++++++++++---- lib/drives.c | 14 +++++++++++++- tests/disks/test-qemu-drive.sh | 19 ++++++++++++++----- 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh index 756df997b..cb4d40199 100755 ---
2017 Sep 04
0
[Gluster-devel] docs.gluster.org
On Fri, Sep 01, 2017 at 06:21:38PM -0400, Amye Scavarda wrote: > On Fri, Sep 1, 2017 at 9:42 AM, Michael Scherer <mscherer at redhat.com> wrote: > > On Friday 01 September 2017 at 14:02 +0100, Michael Scherer wrote: > >> On Wednesday 30 August 2017 at 12:11 +0530, Nigel Babu wrote: > >> > Hello, > >> > > >> > To reduce confusion,
2017 Sep 01
2
[Gluster-devel] docs.gluster.org
On Fri, Sep 1, 2017 at 9:42 AM, Michael Scherer <mscherer at redhat.com> wrote: > On Friday 01 September 2017 at 14:02 +0100, Michael Scherer wrote: >> On Wednesday 30 August 2017 at 12:11 +0530, Nigel Babu wrote: >> > Hello, >> > >> > To reduce confusion, we've setup docs.gluster.org pointing to >> > gluster.readthedocs.org. Both URLs will
2000 Jul 03
0
[RHSA-2000:041-02] man package's 'makewhatis' uses insecure handling of files in /tmp
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: man package's 'makewhatis' uses insecure handling of files in /tmp Advisory ID: RHSA-2000:041-02 Issue date: 2000-07-03 Updated on: 2000-07-03 Product: Red Hat Linux Keywords: man /tmp
1998 Oct 21
0
Insecure /tmp handling in isdnlog
The isdnlog program (provided by isdn4k-utils.tar.gz) creates a root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and no checking for symbolic links is done. The file is opened append only, a user can make a symbolic from /tmp/isdnctrl to any file and mess things up. example: ln -s /var/spool/mail/root /tmp/isdnctrl -- dentoir Fart Foundation Security through immaturity
2000 Jul 07
1
Potentially insecure format string handling in PAM support
-----BEGIN PGP SIGNED MESSAGE----- With the recent remote root Wu-ftpd exploit based upon incorrect format string handling (processing user-supplied data as format strings), I've taken to scanning any code with elevated permissions for similar problems. I found one in the portable version of OpenSSH. It's only outputting messages passed back by PAM, I think, so I don't think it's
2019 Jun 28
0
Re: Guestfish command - "copy-out" not working for symbolic links
guestfish --ro -a /path/to/disk run : mount /dev/your-blkdev / : download /etc/resolv.conf /path/on/host/dst.file Is also not working for symbolic link - as "/etc/resolv.conf" is symbolic link. ________________________________ From: Nikolay Ivanets <stenavin@gmail.com> Sent: Friday, June 28, 2019 11:34 AM To: Chintan Patel Cc: Chintan Patel; libguestfs@redhat.com Subject: Re:
2009 Sep 11
1
[PATCH] guestfish: Redirect stdout when executing remote commands
guestfish --listen necessarily redirects its stdout to /dev/null so as not to interfere with eval. The remote protocol doesn't contain any other provision for collecting stdout for the caller, so executing guestfish --remote will never generate any output. This patch fixes that by forwarding the caller's STDOUT to the listener over the unix socket connection. The listener redirects its
2017 Sep 01
0
[Gluster-devel] docs.gluster.org
On Friday 01 September 2017 at 14:02 +0100, Michael Scherer wrote: > On Wednesday 30 August 2017 at 12:11 +0530, Nigel Babu wrote: > > Hello, > > > > To reduce confusion, we've setup docs.gluster.org pointing to > > gluster.readthedocs.org. Both URLs will continue to work for the > > foreseeable > > future. > > > > Please update any
2014 Jan 20
0
Re: guestfish and luks-format
On Mon, Jan 20, 2014 at 04:39:42PM +0100, Olaf Hering wrote: > > Is "luks-format" supposed to work with guestfish? Like guestfish <<EOF > luks-format /dev/sda4 0 > EOF > > Apparently it lacks an option to give the passphrase programmatically. > Was this option skipped on purpose? The underlying API takes a passphrase parameter, ie:
2011 Apr 16
1
NOTE: running ./fish/guestfish etc from build dir without installing
In 1.11.1 / git, I have made some changes to the way that you run guestfish, guestmount and the virt tools from the build directory without installing. Firstly you can't just run ./fish/guestfish or ./fuse/guestmount any more and have those programs magically set LIBGUESTFS_PATH. The automagic code was always error-prone and I have removed it. Secondly, all of the run-*-local scripts have
2019 Jun 28
0
Re: Guestfish command - "copy-out" not working for symbolic links
All API is exposed as guestfish commands -- Mykola Ivanets On Fri, 28 Jun 2019, 21:28 Chintan Patel <chintan.r.patel@outlook.com> wrote: > This is not going to work. > As I told you I need something under guestfish command list not from > guestfs commands. > > Thanks, > Chintan > ------------------------------ > *From:* Nikolay Ivanets
2012 Jun 04
1
guestfish1.7.17 does not support qemu-kvm1.0.93?
Hi all, I build qemu-kvm1.0.93 from source code on centos6.2, # qemu-system-x86_64 --version QEMU emulator version 1.0.93 (qemu-kvm-devel), Copyright (c) 2003-2008 Fabrice Bellard and the guestfish's version: # guestfish --version guestfish 1.7.17 but when I use the guestfish command to upload a file to a vm, it does not work, # guestfish --rw -i -d centosvm upload /test/ifcfg-eth0_centos