Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200410-07] ed: Insecure temporary file handling


Vulnerability Assessment Details

[GLSA-200410-07] ed: Insecure temporary file handling

Vulnerability Assessment Summary
ed: Insecure temporary file handling

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200410-07
(ed: Insecure temporary file handling)


ed insecurely creates temporary files in world-writeable directories with
predictable names. Given that ed is used in various system shell scripts,
they are by extension affected by the same vulnerability.

Impact

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When ed is
called, this would result in file access with the rights of the user
running the utility, which could be the root user.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1137


Solution:
All ed users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=sys-apps/ed-0.2-r4"
# emerge ">=sys-apps/ed-0.2-r4"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors


Dell R640 8x 2.5

Dell R640 8x 2.5" SFF iDRAC 2x 25GbE SFP28- Wholesale Custom Build Your Server

$259.99



Dell Poweredge R720xd 2x Xeon E5-2690 v2 3GHz 20-Cores  256GB  H710  26x Trays picture

Dell Poweredge R720xd 2x Xeon E5-2690 v2 3GHz 20-Cores 256GB H710 26x Trays

$304.99



Dell Poweredge R620 2x E5-2670 2.6ghz 16-Cores | 32gb | H710 | 2x Trays | 750w picture

Dell Poweredge R620 2x E5-2670 2.6ghz 16-Cores | 32gb | H710 | 2x Trays | 750w

$129.99



Dell Poweredge R630 2x Xeon E5-2680 v3 2.5ghz 24-Cores  32gb  240GB SSD  495w picture

Dell Poweredge R630 2x Xeon E5-2680 v3 2.5ghz 24-Cores 32gb 240GB SSD 495w

$164.99



Dell PowerEdge R630 Server 2x E5-2697v3 2.60Ghz 28-Core 128GB RAM 8x Caddies picture

Dell PowerEdge R630 Server 2x E5-2697v3 2.60Ghz 28-Core 128GB RAM 8x Caddies

$353.15



Dell PowerEdge R640 8SFF Gold 5118 24C 2.3GHz 64Gb H740p iDRAC Ent 1U Server picture

Dell PowerEdge R640 8SFF Gold 5118 24C 2.3GHz 64Gb H740p iDRAC Ent 1U Server

$279.95



Dell PowerEdge R730xd Server LFF 2x E5-2680v4 2.4GHz 14C 64GB 12x Trays picture

Dell PowerEdge R730xd Server LFF 2x E5-2680v4 2.4GHz 14C 64GB 12x Trays

$459.00



Dell R640 8x 2.5

Dell R640 8x 2.5" SFF Server iDRAC - Wholesale Custom Build Your Server

$400.99



Dell Poweredge R230 Server 1x E3-1240 V5 - 3.5GHz | H730 | 32GB RAM | 4x trays picture

Dell Poweredge R230 Server 1x E3-1240 V5 - 3.5GHz | H730 | 32GB RAM | 4x trays

$199.00



Dell Poweredge R620 2x E5-2670 2.6ghz 16-Cores | 32gb | H710 | 10x Trays | 750w picture

Dell Poweredge R620 2x E5-2670 2.6ghz 16-Cores | 32gb | H710 | 10x Trays | 750w

$199.99



Discussions

No Discussions have been posted on this vulnerability.