David F. Skoll wrote:
> I think we all need to calm down.
>
> "Vulnerability" #1: Yes, cli_gentemp has a theoretical race condition.
> Is it theoretically exploitable? Sure. Is it *likely* to be exploited
> in the real world? No. You have to guess 128 bits of mildly-good random
> data. That's quite unlikely.

Does any admin actually run this stuff without setting the temp directory ahead of time? This problem is as old as Unix. It is an operator issue. Bad operators make all manner of errors. This can hardly be put on the ClamAV people.