ada/5903: Buffer overflow in temporary file creation

fw@deneb.enyo.de
Sun Mar 10 01:46:00 GMT 2002


>Number:         5903
>Category:       ada
>Synopsis:       Buffer overflow in temporary file creation
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 10 01:46:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     fw@deneb.enyo.de
>Release:        3.1 20020308 (prerelease), 3.2 20020308 (experimental)
>Organization:
>Environment:
i686-pc-linux-gnu
>Description:
There is a buffer overflow bug in adaint.c:__gnat_tmp_name() (inside the #ifdef linux).

This bug could lead to unsafe setuid/setgid programs on GNU/Linux systems.
>How-To-Repeat:

>Fix:
Limit the length of the string copied from the TMPDIR environment variable.
>Release-Note:
>Audit-Trail:
>Unformatted:
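
An added example, not code from this report or from the GNAT sources: one way to apply the fix described above, bounding the TMPDIR value before it is combined with a template suffix in a fixed-size buffer. The function name, the suffix string and the /tmp fallback are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TMP_SUFFIX   "/gnat-XXXXXX"  /* constructed template suffix (assumption) */
#define TMP_FALLBACK "/tmp"          /* assumed fallback directory */

/* Hypothetical helper: writes "<dir>/gnat-XXXXXX" into out (out_size bytes).
   Returns 1 if the supplied TMPDIR value was used, 0 if it was rejected and
   the fallback was used, -1 if out cannot hold even the fallback name. */
int build_tmp_template(char *out, size_t out_size, const char *tmpdir)
{
    size_t suffix_len = strlen(TMP_SUFFIX);
    int used = 1;

    if (out == NULL || out_size < strlen(TMP_FALLBACK) + suffix_len + 1)
        return -1;

    /* Reject unset, empty or over-long values instead of copying them.
       The size check above guarantees the subtraction cannot wrap. */
    if (tmpdir == NULL || tmpdir[0] == '\0'
        || strlen(tmpdir) > out_size - suffix_len - 1) {
        tmpdir = TMP_FALLBACK;
        used = 0;
    }

    /* snprintf bounds the write even if the check above is later changed. */
    int n = snprintf(out, out_size, "%s%s", tmpdir, TMP_SUFFIX);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return used;
}

int main(void)
{
    char name[64];  /* fixed-size caller buffer (size is an assumption) */
    int r = build_tmp_template(name, sizeof name, getenv("TMPDIR"));

    if (r < 0)
        return 1;
    printf("%s (TMPDIR %s)\n", name, r ? "used" : "ignored");
    return 0;
}
```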


