DESCRIPTION

The "makewhatis" command, a part of the "man" package, creates files with predictable names in the /tmp directory during its execution. A malicious local user could gain elevated privileges (gid man) by guessing the filenames before they are created.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/man-1.5h1-2.6.x.armv4l.rp

REFERENCES

Reported on Red Hat's bugtraq on July 3, 2000.
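
The filename-guessing problem described under DESCRIPTION, shown as an added shell example that is not the makewhatis source or the vendor's fix: a PID-based name that can be occupied in advance, next to a private working directory created with mktemp. The function names and the "whatis.*" file names are hypothetical.

```shell
#!/bin/sh
# Added illustration; not the makewhatis source. All names are hypothetical.

# Predictable pattern: the name depends only on a PID, which any local user
# can enumerate, so the path can be created by someone else first.
predictable_tmp_name() {
    printf '%s/whatis.tmp.%s\n' "${TMPDIR:-/tmp}" "$1"
}

# Returns 0 if something already occupies the path. -L catches a dangling
# symlink, which -e alone reports as absent.
path_is_preplanted() {
    [ -e "$1" ] || [ -L "$1" ]
}

# Hardened pattern: mktemp -d picks a random suffix and creates the directory
# atomically with mode 0700, failing instead of reusing an existing path.
make_private_workdir() {
    (
        umask 077
        d=$(mktemp -d "${TMPDIR:-/tmp}/whatis.XXXXXX") || exit 1
        [ -d "$d" ] && [ ! -L "$d" ] || exit 1
        printf '%s\n' "$d"
    )
}

# Build output inside the private directory, then move it into place so
# no intermediate file ever sits under a guessable name in /tmp.
# $1 = destination file, stdin = content to write.
write_via_private_dir() {
    dest=$1
    work=$(make_private_workdir) || return 1
    if cat > "$work/out" && mv -f "$work/out" "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
```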