Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200410-07 Normal: Ed Insecure File Access System Threat

gentoo
Calendar Grey October 9, 2004
Dist Gentoo Esm H88
The cvs tool on Fedora is vulnerable to directory traversal exploits, enabling possible unauthorized access to sensitive files. Update immediately!
The ed utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change rights on arbitrary files with the rights of the user running ed, which co...

Summary

Gentoo Linux Security Advisory GLSA 200410-07 https://security.gentoo.org/ Severity: Normal Title: ed: Insecure temporary file handling Date: October 09, 2004 Bugs: #66400 ID: 200410-07

Synopsis ======= The ed utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change rights on arbitrary files with the rights of the user running ed, which could be the root user.
Background ========= ed is a line-oriented text editor, used to create or modify text files, both interactively and via shell scripts.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/ed <= 0.2-r3 >= 0.2-r4
========== ed insecurely creates temporary files in world-writeable directories...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory Gentoo symlink attack local attack file permissions normal severity ed utility

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory Gentoo symlink attack local attack file permissions normal severity ed utility

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here