Ticket #588 (closed defect: fixed)

Opened 15 years ago

Last modified 15 years ago

Insecure tempfile creation in SSHBase

Reported by: [email protected] Owned by: desai
Priority: blocker Milestone: Bcfg2 0.9.6 Release
Component: bcfg2-server Version:
Keywords: security Cc:



The tempfile names used by SSHBase are predictable. For hosts witch keys not yet generated, a local attacker can choose the keys for the host.

The patch included fix this problem.


patch (1.3 KB) - added by [email protected] 15 years ago.

Change History

Changed 15 years ago by [email protected]

comment:1 Changed 15 years ago by desai

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone set to Bcfg2 0.9.6 Release

Committed in [9ef9c703159404dba311e18624d2fdd5fb399020] (SVN r4854). Thanks for the patch.

WARNING! You need to establish a session before you can create or edit tickets. Otherwise the ticket will get treated as spam.


Add a comment

Modify Ticket

Change Properties
<Author field>
as closed
The resolution will be deleted. Next status will be 'reopened'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.