Linux NEdit symlink when printing

nedit-print-symlink (6424)

Low Risk

Description:

Nirvana Editor (NEdit) could allow an attacker to launch a symlink attack. NEdit insecurely creates temporary files in the /tmp directory when printing text. An attacker could use this vulnerability to create a symbolic link in the /tmp directory to gain privileges of the current user.

Consequences:

Gain Privileges

Remedy:

For SuSE Linux 6.3:
Upgrade to the latest version of nedit (5.0.2-208 or later), as listed in SuSE Security Announcement SuSE-SA:2001:14. See References.

For SuSE Linux 6.4:
Upgrade to the latest version of nedit (5.0.2-207 or later), as listed in SuSE Security Announcement SuSE-SA-2001:14. See References.

For SuSE Linux 7.0 and 7.1:
Upgrade to the latest version of nedit (5.1.1-151 or later), as listed in SuSE Security Announcement SuSE-SA:2001:14. See References.

For Linux-Mandrake 7.1, 7.2, and Corporate Server 1.0.1:
Upgrade to the latest version of nedit (5.1.1-9 or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:042 : nedit. See References.

For Mandrake Linux 8.0:
Upgrade to the latest version of nedit (5.1.1-13 or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:042 : nedit. See References.

For Debian 2.2:
Upgrade to the latest version of nedit (5.02-7.1 or later), as listed in DSA-053-1. See References.

For Progeny Debian:
Upgrade to the latest version of nedit (5.1.1-1.0progeny1 or later), as listed in Progeny Security Advisory PROGENY-SA-2001-10. See References.

For Red Hat Linux 5.2:
Upgrade to the latest version of nedit (5.1.1-0.5x.1 or later), as listed in RHSA-2001:061-02. See References.

For Red Hat Linux 6.2:
Upgrade to the latest version of nedit (5.1.1-0.6x.1 or later), as listed in RHSA-2001:061-02. See References.

For Red Hat Linux 7.0:
Upgrade to the latest version of nedit (5.1.1-4.70.1 or later), as listed in RHSA-2001:061-02. See References.

For Red Hat Linux 7.1:
Upgrade to the latest version of nedit (5.1.1-6 or later), as listed in RHSA-2001:061-02. See References.

For SGI IRX 6.5.x:
Apply the appropriate patch for your system, as listed in SGI Security Advisory 20011105-01-P. See References.

For other distributions:
Contact your vendor for patch or upgrade information.

References:

• CIAC Information Bulletin M-025: IRIX NEdit Vulnerability.
• Progeny Linux Systems Security Advisory PROGENY-SA-2001-10: nedit.
• SGI Security Advisory 20011105-01-P: IRIX NEdit Vulnerability.
• SuSE Security Announcement SuSE-SA:2001:014: nedit.
• BID-2627: NEdit Temporary File Creation Vulnerability
• BID-2667: NEdit Incremental Backup File Symbolic Link Vulnerability
• CVE-2001-0556: The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
• DSA-053: nedit -- insecure temporary file
• MDKSA-2001:042: Updated nedit packages fix temporary file vulnerability
• RHSA-2001-061: Updated nedit packages available

Platforms Affected:

• Debian Debian Linux 2.2
• MandrakeSoft Mandrake Linux 7.1
• MandrakeSoft Mandrake Linux 7.2
• MandrakeSoft Mandrake Linux 8.0
• MandrakeSoft Mandrake Linux Corporate Server 1.0.1
• NEdit.org Nirvana Editor (NEdit)
• RedHat Linux 5.2
• RedHat Linux 6.2
• RedHat Linux 7
• RedHat Linux 7.1
• RedHat Linux 7.2
• RedHat Linux 7.3
• RedHat Linux Powertools 6.2
• RedHat Linux Powertools 7.0
• RedHat Linux Powertools 7.1
• SGI IRIX 6.5
• SGI IRIX 6.5 20
• SGI IRIX 6.5.1
• SGI IRIX 6.5.10
• SGI IRIX 6.5.10f
• SGI IRIX 6.5.10m
• SGI IRIX 6.5.11
• SGI IRIX 6.5.11f
• SGI IRIX 6.5.11m
• SGI IRIX 6.5.12
• SGI IRIX 6.5.12f
• SGI IRIX 6.5.12m
• SGI IRIX 6.5.13
• SGI IRIX 6.5.13f
• SGI IRIX 6.5.13m
• SGI IRIX 6.5.14
• SGI IRIX 6.5.14f
• SGI IRIX 6.5.14m
• SGI IRIX 6.5.15
• SGI IRIX 6.5.15f
• SGI IRIX 6.5.15m
• SGI IRIX 6.5.16
• SGI IRIX 6.5.16f
• SGI IRIX 6.5.16m
• SGI IRIX 6.5.17
• SGI IRIX 6.5.17f
• SGI IRIX 6.5.17m
• SGI IRIX 6.5.18
• SGI IRIX 6.5.18f
• SGI IRIX 6.5.18m
• SGI IRIX 6.5.19
• SGI IRIX 6.5.19f
• SGI IRIX 6.5.19m
• SGI IRIX 6.5.2
• SGI IRIX 6.5.20
• SGI IRIX 6.5.20f
• SGI IRIX 6.5.20m
• SGI IRIX 6.5.21
• SGI IRIX 6.5.21f
• SGI IRIX 6.5.21m
• SGI IRIX 6.5.22
• SGI IRIX 6.5.22m
• SGI IRIX 6.5.23
• SGI IRIX 6.5.23m
• SGI IRIX 6.5.24
• SGI IRIX 6.5.24m
• SGI IRIX 6.5.25
• SGI IRIX 6.5.26
• SGI IRIX 6.5.27
• SGI IRIX 6.5.28
• SGI IRIX 6.5.2f
• SGI IRIX 6.5.2m
• SGI IRIX 6.5.3
• SGI IRIX 6.5.3f
• SGI IRIX 6.5.3m
• SGI IRIX 6.5.4
• SGI IRIX 6.5.4f
• SGI IRIX 6.5.4m
• SGI IRIX 6.5.5
• SGI IRIX 6.5.5f
• SGI IRIX 6.5.5m
• SGI IRIX 6.5.6
• SGI IRIX 6.5.6f
• SGI IRIX 6.5.6m
• SGI IRIX 6.5.7
• SGI IRIX 6.5.7f
• SGI IRIX 6.5.7m
• SGI IRIX 6.5.8
• SGI IRIX 6.5.8f
• SGI IRIX 6.5.8m
• SGI IRIX 6.5.9
• SGI IRIX 6.5.9f
• SGI IRIX 6.5.9m
• SUSE SuSE Linux 6.3
• SUSE SuSE Linux 6.4
• SUSE SuSE Linux 7.0
• SUSE SuSE Linux 7.1

Reported:

Apr 18, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page