• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Ada Compiler Runtime Library Insecure Temporary File Creation Vulnerability

The GNU Ada Compiler (Gnat) is an open source commercial Ada compiler distributed and maintained by Ada Core Technologies. It is designed for use on Unix, Linux, and Microsoft Operating Systems, in addition to others.

The Gnat runtime libraries use routines that when linked with a binary created by the compiler, can make the binary vulnerable to temporary file race conditions. This is due to the library using the deprecated tmpnam function, which generates a name for a temporary file that did not exist at some point. The function neither checks nor generates errors when generating names for temporary files.