Jun 17, 2014 - 12:00 a.m.

[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure


Good morning,

http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues.

The first is in PHP's configure script:

char *filename = "/tmp/phpglibccheck";

(Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1104978)

The second issue is Lynis writing a predictable file to /tmp/. Looking at the source I cannot tell which file that is, but 2 runs on Fedora 20 revealed the following file being used each time:

/tmp/ffiYFc1nZ

I cannot find that in the source. I do not know if lynis exec()'s any other scripts or programs. The full disclosure report might be referring to the following in include/tests_webservers:

    if [ "${OS}" = "AIX" ]; then
        TMPFILE=/tmp/lynis.$$

Thanks,


Murray McAllister / Red Hat Security Response Team
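Both issues in the report are the same class of bug: a file under /tmp/ whose name another local user can predict (a fixed string in the PHP configure check, a PID-based name in Lynis), created without O_EXCL, so a symlink pre-placed at that path is followed. The following is an added example, not code from the report, PHP or Lynis. It shows the defensive alternatives a maintainer would reach for: an O_EXCL|O_NOFOLLOW open that refuses a pre-placed path, and mkstemp(), which picks an unpredictable name and creates it atomically. The demo() function plants its own file (constructed for the demonstration) to stand in for a pre-placed one; the names `open_fixed_name_exclusively`, `create_unpredictable_tempfile` and `tempfile_is_ours` are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern quoted in the report: a fixed, predictable name under /tmp.
   Opening it with O_CREAT but without O_EXCL follows whatever already sits
   at that path, including a symlink placed there by another local user. */
static const char *PREDICTABLE_NAME = "/tmp/phpglibccheck";

/* Hardened variant 1: if a fixed name really is required, only proceed when
   we created the file ourselves. O_EXCL makes open() fail with EEXIST when
   anything (regular file or dangling symlink) already exists at the path,
   and O_NOFOLLOW rejects a symlink as the final component (ELOOP).
   Returns the descriptor, or -1 with errno set. */
int open_fixed_name_exclusively(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Hardened variant 2 (preferred): mkstemp() replaces the trailing XXXXXX
   with an unpredictable suffix and creates the file atomically with O_EXCL
   and mode 0600. The buffer is modified in place, so it must be writable. */
int create_unpredictable_tempfile(char *template_buf)
{
    return mkstemp(template_buf);
}

/* Sanity check on a file we believe we created: it must be a regular file
   (not a symlink, checked via lstat) and owned by the calling user. */
int tempfile_is_ours(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_uid == getuid();
}

/* Demonstration: plant a file (constructed here, standing in for one left
   by someone else), show that the exclusive open refuses it, then create a
   proper temp file. Returns 1 when both behaviours are as expected. */
int demo(void)
{
    char planted[] = "/tmp/demo_pre_placed.XXXXXX";
    int planted_fd = mkstemp(planted);
    if (planted_fd < 0)
        return -1;
    close(planted_fd);

    int refused = open_fixed_name_exclusively(planted); /* must fail */
    int refused_ok = (refused == -1 && errno == EEXIST);
    if (refused >= 0)
        close(refused);
    unlink(planted);

    char tmpl[] = "/tmp/lynis.XXXXXX"; /* replaces the predictable lynis.$$ */
    int fd = create_unpredictable_tempfile(tmpl);
    int created_ok = (fd >= 0 && tempfile_is_ours(tmpl));
    if (fd >= 0)
        close(fd);
    unlink(tmpl);

    return refused_ok && created_ok;
}

int main(void)
{
    printf("fixed name in report: %s\n", PREDICTABLE_NAME);
    printf("demo result: %d\n", demo());
    return 0;
}
```

The shell analogue for the Lynis case is `mktemp` (for example `TMPFILE=$(mktemp /tmp/lynis.XXXXXX)`), which gives the same atomic, unpredictable creation that mkstemp() provides in C; `$$` is visible in the process list and easy to guess.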