Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

rPSA-2007-0012-1 ed

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 23 Jan 2007 03:45:58 -0500
rPath Security Advisory: 2007-0012-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Local User Non-deterministic Vulnerability
Updated Versions:
    ed=/conary.rpath.com@rpl:devel//1/0.4-1-0.1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6939
    https://issues.rpath.com/browse/RPL-962

Description:
    Previous versions of the ed package are vulnerable to a symlink
    attack which allows a local attacker to overwrite arbitrary files
    writeable by the user running ed with contents provided by the
    user running the ed program.
Previous By Date Next
Previous By Thread Next

Current thread: