NetWinder.org - NetWinder security advisory Page

NAVIGATION

About
News
Support

Downloads
- Search
- Mirrors
- Auto update

Documentation
- FAQ
- HOWTOs
- ARM info
- Crusoe info

Development
- Toolchain
- Autobuild
- Users

Sponsored by:

NetWinder security advisory

ID	2000-010
Issued	2000-Jul-04
Package	man
Summary	Insecure /tmp files in man
Category	Insecure temporary file creation
Severity	Low (local privilege escalation)
Products	Developer dm-3.1-15 and earlier
	OfficeServer os-1.5-4 and earlier

DESCRIPTION

The "makewhatis" command, a part of the "man" package, creates predictable files in the /tmp directory during its execution. A malicious local user could gain elevated privileges (gid man) by guessing the filenames before they are created.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/man-1.5h1-2.6.x.armv4l.rp

REFERENCES

Reported on Red Hat's bugtraq on July 3, 2000.