[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] ispell temp file creation

To: linux-security
Subject: [linux-security] ispell temp file creation
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 14 Jun 2001 17:11:53 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
insecure creation of temporary files by ispell. 

Problem Description
===================
The ispell program uses mktemp() to open temporary files - this makes it
vulnerable to symlink attacks.
  
The new version now uses mkstemp(), and also switches from gets() to fgets()
in two locations dealing with user input. The patches for ispell are from
OpenBSD.

Affected Systems
================
All versions of ispell <= 3.1.20
RedHat 7.x is not vulnerable (doesn't use ispell)

Solution
========
upgrade to patched versions

RedHat 6.x
----------
rpm -Fvh ispell-3.1.20-27.i386.rpm \
         ispell-catalan-3.1.20-27.i386.rpm \
         ispell-czech-3.1.20-27.i386.rpm \
         ispell-danish-3.1.20-27.i386.rpm \
         ispell-dutch-3.1.20-27.i386.rpm \
         ispell-esperanto-3.1.20-27.i386.rpm \
         ispell-french-3.1.20-27.i386.rpm \
         ispell-german-3.1.20-27.i386.rpm \
         ispell-greek-3.1.20-27.i386.rpm \
         ispell-italian-3.1.20-27.i386.rpm \
         ispell-norwegian-3.1.20-27.i386.rpm \
         ispell-polish-3.1.20-27.i386.rpm \
         ispell-portuguese-3.1.20-27.i386.rpm \
         ispell-russian-3.1.20-27.i386.rpm \
         ispell-spanish-3.1.20-27.i386.rpm \
         ispell-swedish-3.1.20-27.i386.rpm \
         ispell-dicts-3.1.20-27.i386.rpm

Prev by Date: [linux-security] xinetd: insecure umask
Next by Date: [linux-security] LPRng priviledges bugs
Prev by thread: [linux-security] LPRng priviledges bugs
Next by thread: [linux-security] xinetd: insecure umask
Index(es):
- Date
- Thread