rPSA-2007-0012-1 ed
rPath Update Announcements announce-noreply at rpath.com
Tue Jan 23 03:45:58 EST 2007
Previous message: rPSA-2007-0011-1 wget
Next message: rPSA-2007-0013-1 poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--------------------------------------------------------------------------------
rPath Security Advisory: 2007-0012-1
Published: 2007-01-23
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
Local User Non-deterministic Vulnerability
Updated Versions:
ed=/conary.rpath.com at rpl:devel//1/0.4-1-0.1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6939
https://issues.rpath.com/browse/RPL-962
Description:
Previous versions of the ed package are vulnerable to a symlink
attack which allows a local attacker to overwrite arbitrary files
writeable by the user running ed with contents provided by the
user running the ed program.
jueves, 25 de enero de 2007
ed (symlink attack)
Etiquetas:
SEGURIDAD INFORMATICA
Suscribirse a:
Comentarios de la entrada (Atom)
No hay comentarios.:
Publicar un comentario