ed symlink attack
Jason Justman
justmanj@msu.edu
Wed, 29 Nov 2000 00:58:51 -0500
And to think - Ed is in charge of MSU-Network Security Announcements! How in
the world did he let this one slip thru his fingers?
Sean wrote:
> Im not sure I really want to know how to exploit the security hole in ed's
> package when it involves linking..
>
> On 28 Nov 2000, Ben Pfaff wrote:
>
> > Hey Ed, did you notice that someone found that you have a
> > security hole? Make sure to upgrade yourself quickly before it
> > gets exploited!
> >
> > Ben
> >
> > Original message:
> > ----------------------------------------------------------------------
> > Date: Wed, 29 Nov 2000 02:14:47 +0100
> > From: Wichert Akkerman <wichert@cistron.nl>
> > To: debian-security-announce@lists.debian.org
> >
> > Package : ed
> > Problem type : symlink attack
> > Debian-specific: no
> >
> > Alan Cox discovered that GNU ed (a classed line editor tool)
> > created temporary files unsafely. This has been fixed in version
> > 0.2-18.1.
> >
> > [much snippage]
> > ----------------------------------------------------------------------
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user
> >
>
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user