
This queue is for tickets about the Batch-Batchrun CPAN distribution.

Report information
The Basics
Id: 69594
Status: new
Priority: 0/
Queue: Batch-Batchrun

People
Owner: Nobody in particular
Requestors: john [...] nixnuts.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.03
Fixed in: (no value)



Subject: Unsafe /tmp file usage
In Batch::Batchrun::Dbfunctions::command_sqlplus()

    $tmpfile = '/tmp/'.$$.'sqlplus.sql';
    open ( CMDFILE, ">$tmpfile" ) or die "** cant open $tmpfile because $!";
    ...etc...

There are a variety of ways to abuse this.

Assuming this module is still being used, it should switch to File::Temp::tempfile().
This bug has been assigned CVE-2011-4117
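
A sketch of the File::Temp::tempfile() replacement suggested in the report, added here as an example; it is not code from Batch::Batchrun or from the ticket. The helper name write_sql_script and the SQL text are assumptions, and the mode check assumes a POSIX system.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not part of Batch::Batchrun): write SQL text to a
# private temporary script and return its path.
sub write_sql_script {
    my ($sql) = @_;

    # tempfile() picks an unpredictable name and creates the file with
    # O_CREAT|O_EXCL and mode 0600, so a pre-existing file or symlink at
    # that path makes the open fail instead of being followed.
    my ($fh, $path) = tempfile(
        'sqlplusXXXXXXXX',
        SUFFIX => '.sql',
        TMPDIR => 1,    # use File::Spec->tmpdir rather than hard-coding /tmp
        UNLINK => 1,    # remove the file when the program exits
    );

    print {$fh} $sql or die "cannot write $path: $!";
    close $fh        or die "cannot close $path: $!";
    return $path;
}

# Constructed sample input.
my $first  = write_sql_script("select 1 from dual;\nexit;\n");
my $second = write_sql_script("select 2 from dual;\nexit;\n");

# Two calls in the same process (same $$) must still get distinct files,
# and neither file may be readable or writable by other users.
my $mode = (stat $first)[2] & 07777;
printf "%s mode=%04o\n", $first, $mode;
die "names collide" if $first eq $second;
die "file is accessible to other users" if $mode & 077;
```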

