[Full-disclosure] AFFLIB(TM): Time-of-Check-Time-of-Use File Race
Tim
tmorgan at vsecurity.com
Sun Apr 29 16:32:56 BST 2007
This specific vulnerability is not exploitable due to the referenced
code not being executed. I appologize for the misinformation.
Updates to each vulnerability can be found here:
http://www.vsecurity.com/bulletins/advisories/2007/afflib-toctou.txt
http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
http://www.vsecurity.com/bulletins/advisories/2007/afflib-shellinject.txt
http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
We are currently not aware of any additional exploitable flaws in AFFLIB.
tim
Full-Disclosure is hosted and sponsored by Secunia.