Re: [RHSA-2000:123-01] New ed packages available

[Theo de Raadt <deraadt () CVS OPENBSD ORG>]

> ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          New ed packages available
> Advisory ID:       RHSA-2000:123-01
> Issue date:        2000-12-06
> Updated on:        2000-12-06
> Product:           Red Hat Linux
> Keywords:          ed mktemp mkstemp /tmp
> Cross references:  N/A
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> The ed editor used files in /tmp in an insecure fashion.
> It was possible for local users to exploit this vulnerability
> to modify files that they normally could not and gain elevated privilege.

It's amazing to see a $$$-endowed vendor fix this on the 12th of
December, in the year 2000, considering:

revision 1.4
date: 1996/06/25 00:26:02;  author: deraadt;  state: Exp;  lines: +3 -4
mkstemp

Almost four years.  Wow.