This queue is for tickets about the Batch-Batchrun CPAN distribution.

Report information
The Basics
Id: 69594
Status: new
Priority: 0/
Queue: Batch-Batchrun

People
Owner: Nobody in particular
Requestors: john [...] nixnuts.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.03
Fixed in: (no value)



Subject: Unsafe /tmp file usage
In Batch::Batchrun::Dbfunctions::command_sqlplus():

    $tmpfile = '/tmp/'.$$.'sqlplus.sql';
    open ( CMDFILE, ">$tmpfile" ) or die "** cant open $tmpfile because $!";
    ...etc...

There are a variety of ways to abuse this. Assuming this module is still being used, it should switch to File::Temp::tempfile().

This bug has been assigned CVE-2011-4117
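
The switch to File::Temp::tempfile() suggested in the report could look like the following. This is an added example, not code from the ticket or from Batch::Batchrun; the helper name write_sql_script, the file name template and the sample SQL are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not from Batch::Batchrun): write SQL text to a
# temporary script file and return its path for a later sqlplus call.
sub write_sql_script {
    my ($sql) = @_;

    # tempfile() picks an unpredictable name and creates the file with
    # O_CREAT|O_EXCL and mode 0600, so a path that already exists
    # (including a symlink planted by another local user) is never
    # opened or followed. UNLINK => 1 removes the file at program exit.
    my ($fh, $path) = tempfile(
        'sqlplusXXXXXXXX',
        TMPDIR => 1,
        SUFFIX => '.sql',
        UNLINK => 1,
    );

    print {$fh} $sql or die "cannot write $path: $!";
    close $fh        or die "cannot close $path: $!";
    return $path;
}

# Constructed sample input.
my $path = write_sql_script("select sysdate from dual;\nexit;\n");

# Show what was created: random name, owner-only permissions.
my @st = stat $path or die "stat $path: $!";
printf "script: %s\n", $path;
printf "mode:   %04o\n", $st[2] & 07777;
printf "owner:  %s\n", $st[4] == $> ? 'current user' : 'other';
```

Unlike the `'/tmp/'.$$.'sqlplus.sql'` name, the path cannot be predicted from the process id, and creation fails instead of writing through a file that is already there.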