Bugtraq mailing list archives
Re: [RHSA-2000:123-01] New ed packages available
From: Theo de Raadt <deraadt () CVS OPENBSD ORG>
Date: Mon, 11 Dec 2000 13:19:01 -0700
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New ed packages available Advisory ID: RHSA-2000:123-01 Issue date: 2000-12-06 Updated on: 2000-12-06 Product: Red Hat Linux Keywords: ed mktemp mkstemp /tmp Cross references: N/A --------------------------------------------------------------------- 1. Topic: The ed editor used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.
It's amazing to see a $$$-endowed vendor fix this on the 12th of December, in the year 2000, considering: revision 1.4 date: 1996/06/25 00:26:02; author: deraadt; state: Exp; lines: +3 -4 mkstemp Almost four years. Wow.
Current thread:
- [RHSA-2000:123-01] New ed packages available bugzilla (Dec 12)
- Re: [RHSA-2000:123-01] New ed packages available Theo de Raadt (Dec 13)