Showing 1 - 1 of 1

CVE-2020-11979

Status Candidate

Overview

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Related Files

Gentoo Linux Security Advisory 202011-18: Posted Nov 16, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202011-18 - Apache Ant uses various insecure temporary files possibly allowing local code execution. Versions less than 1.10.9 are affected.; tags | advisory, local, code execution; systems | linux, gentoo; advisories | CVE-2020-11979; MD5 | 7cc68dbbc5e2a4e57e20b6c2186249bb; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 192 files
Ubuntu 56 files
Gentoo 19 files
Apple 9 files
LiquidWorm 7 files
Google Security Research 7 files
SamAlucard 7 files
yunaranyancat 6 files
Jim Becher 6 files
Mufaddal Masalawala 5 files

File Archives

Systems

AIX (421)
Apple (1,751)
BSD (368)
Cisco (1,899)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (3,976)
HPUX (873)
iOS (277)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (38,915)
Mac OS X (670)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,375)
Slackware (941)
Solaris (1,595)
SUSE (1,444)
Ubuntu (6,994)
UNIX (8,783)
UnixWare (180)
Windows (5,686)
Other

CVE-2020-11979

Overview

Related Files

File Archive:

November 2020

Top Authors In Last 30 Days

File Tags

File Archives

Systems