[linux-security] ed symlink vulnerability
- To: linux-security
- Subject: [linux-security] ed symlink vulnerability
- Date: Mon, 11 Dec 2000 15:11:17 -0800 (PST)
Topic
=====
Symlink attacks in ed.
Problem Description
===================
The ed editor used files in /tmp with predictable names. By using various
symlink attacks, local users can exploit this vulnerability to modify files
for which they would not normally have write permission. That way they can
change the permissions of various files and gain elevated privileges.
Affected Systems
================
All systems that use ed under Linux (probably all Linux systems).
Solution
========
RedHat 6.x
    rpm -Fvh ed-0.2-19.6x.i386.rpm
RedHat 7.0
    rpm -Fvh ed-0.2-19.i386.rpm
Mandrake 6.x, 7.0
    rpm -Fvh ed-0.2-15.1mdk.i586.rpm
Mandrake 7.1
    rpm -Fvh ed-0.2-17.1mdk.i586.rpm
Mandrake 7.2
    rpm -Fvh ed-0.2-21.1mdk.i586.rpm
Debian 2.2 (potato)
    upgrade to ed_0.2-18.1_i386.deb