Geheimnis MKTemp Insecure Temporary...

Published: 2002-01-10
Revised: 2025-04-13

Geheimnis is a freely available, open source graphical application. It is designed to act as a frontend to GnuPG or PGP, and is usually used on Linux or Unix platforms with KDE2. Geheimnis uses the mktemp function to generate temporary file names. mktemp requires a filename template ending in XXXXXX (six X's). When the temporary file is created, its name is formed by taking the predetermined name in the program and filling the field of X's with a random value. However, some operating systems fill the first five X's with the process number and the last X with one of the twenty-six lowercase letters of the alphabet, which makes the name predictable. Because Geheimnis does not check whether a file with the same name already exists, a guessed file name could lead to a symbolic link attack.
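The missing existence check described above, shown beside the exclusive-create form that closes it. This is an added example, not Geheimnis code; the function names, the scratch directory and the file names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: the name is chosen first (mktemp) and opened
 * later without checking whether something already exists at that path. */
int open_unchecked(const char *path)
{
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, a symbolic link
 * included, already occupies the name. mkstemp() does this internally. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: a symlink already
 * sits at the name the program is about to use. Returns 1 if opening that
 * name created the file the link points to, 0 if not, -1 on setup error. */
int link_target_created(int exclusive)
{
    char dir[] = "/tmp/mktemp-demo.XXXXXX";
    char name[64], target[64];
    struct stat st;
    int fd, created;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/out.12345a", dir);  /* pid + letter style */
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }

    fd = exclusive ? open_exclusive(name) : open_unchecked(name);
    if (fd != -1) close(fd);
    created = (stat(target, &st) == 0);   /* did the write go through the link? */
    unlink(target); unlink(name); rmdir(dir);
    return created;
}

int main(void)
{
    printf("unchecked open: target created = %d\n", link_target_created(0));
    printf("exclusive open: target created = %d\n", link_target_created(1));
    return 0;
}
```

In application code, replacing the mktemp call with mkstemp gives the same exclusive creation together with name selection in a single call.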

No exploit or PoC is currently available.
There are currently 0 affected product records.