• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Bogofilter Bogopass Insecure Temporary File Creation Vulnerability

Reportedly, bogopass creates temporary files in a predictable manner. As a result, it is possible for local attackers to read or corrupt files readable by the bogopass process. An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file which is created. Any actions performed by bogopass when it is executed will be performed on the file pointed to by the symbolic link.