Notified: June 07, 2000 Updated: June 15, 2001
Affected
Caldera reports the vulnerability of Caldera Linux to this flaw at http://www.caldera.com/support/security/advisories/CSSA-2000-021.0.txt.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 27, 2000 Updated: June 15, 2001
Affected
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : man SUMMARY : Insecure directory creation in /tmp DATE : 2000-07-27 AFFECTED CONECTIVA VERSIONS : 5.1 DESCRIPTION This announcement is being re-released specifically for Conectiva Linux 5.1. Redhat has identified a problem with the man package which also affects Conectiva Linux. Conectiva Linux versions prior to 5.1 have already been patched. The man package has a script called makewhatis that is run weekly by the cron daemon as root. This script creates a directory in /tmp and some files under it with predictable names, thus making it possible for a local attacker to alter any file in the system via symlink attacks. SOLUTION All users of Conectiva Linux 5.1 should upgrade. Conectiva Linux versions prior to 5.1 have already been patched. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/man-1.5g-9cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/man-1.5g-9cl.src.rpm
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 07, 2000 Updated: June 15, 2001
Affected
MandrakeSoft reports the vulnerability of Linux-Mandrake to this flaw at http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-015.php3?dis=6.0.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 15, 2001
Affected
Red Hat reports their vulnerability to this flaw at http://www.redhat.com/support/errata/RHSA-2000-041-02.html.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.