GNU ed symlink
| gnu-ed-symlink (5723) |  Medium Risk |
Description:
GNU ed package creates temporary files with predictable file names in the /tmp directory. A local attacker could use this vulnerability to launch a symlink attack and gain elevated privileges.
Consequences:
File Manipulation
Remedy:
For Red Hat Linux 5.2:
Upgrade to the latest version of ed (0.2-19.5x or later), as listed in RHSA-2000:123-01. See References.
For Red Hat Linux 6.0 through 6.2:
Upgrade to the latest version of ed (0.2-19.6x or later), as listed in RHSA-2000:123-01. See References.
For Red Hat Linux 7.0:
Upgrade to the latest version of ed (0.2-19 or later), as listed in RHSA-2000:123-01. See References.
For Conectiva Linux 4.0 through 4.2, 5.0, 5.1, and 6.0:
Upgrade to the latest version of pam (0.72-23cl or later), as listed in CONECTIVA LINUX SECURITY ANNOUNCEMENT - ed. See References.
For Immunix OS 6.2:
Upgrade to the latest version of ed (0.2-19.6x_StackGuard or later), as listed in Immunix OS Security Advisory IMNX-2000-70-015-01. See References.
For Immunix OS 7.0:
Upgrade to the latest version of ed (0.2-19_StackGuard or later), as listed in Immunix OS Security Advisory IMNX-2000-70-015-01. See References.
For Linux Mandrake 6.0, 6.1, and 7.0:
Upgrade to the latest version of ed (0.2-15-1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2000:076 : ed. See References.
For Linux Mandrake 7.1:
Upgrade to the latest version of ed (0.2-17.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2000:076 : ed. See References.
For Linux Mandrake 7.2:
Upgrade to the latest version of ed (0.2-21.1 or later), as listed in MandrakeSoft Security Advisory MDKSA-2000:076 : ed. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Mon Dec 11 2000 - 10:08:14 CST: pico Text Editor Symbolic Link Vulnerability : ERROR CONNECTION.
- Conectiva Linux Announcement CLSA-2000:359: ed.
- Immunix OS Security Advisory IMNX-2000-70-015-01: ed.
- MandrakeSoft Security Advisory MDKSA-2000:076: ed.
- Wkit Security Advisory WSIR-00/11-02: pico Text Editor Symbolic Link Vulnerability.
- BID-2095: GNU Ed Symlink Vulnerability
- CVE-2000-1137: GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
- GLSA-200410-07: ed: Insecure temporary file handling
- OSVDB ID: 6491: GNU ed tmpfile Symlink Arbitrary File Overwrite
- RHSA-2000-123: New ed packages available
Platforms Affected:
- Connectiva Linux
- Debian Debian Linux 2.2
- Gentoo Linux
- Immunix Immunix OS 6.2
- Immunix Immunix OS 7.0-beta
- MandrakeSoft Mandrake Linux 6.0
- MandrakeSoft Mandrake Linux 6.1
- MandrakeSoft Mandrake Linux 7.0
- MandrakeSoft Mandrake Linux 7.1
- MandrakeSoft Mandrake Linux 7.2
- RedHat Linux 5.2
- RedHat Linux 6.0
- RedHat Linux 6.1
- RedHat Linux 6.2
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- RedHat Linux 7.3
- University of Washington Pico Text Editor 3.7 to 4.3
Reported:
Dec 11, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net