Description
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
Affected products
- caldera / openlinux2.3 – 2.3
- caldera / openlinux2.4 – 2.4
- mandrakesoft / mandrake_linux6.0 – 6.0
- mandrakesoft / mandrake_linux6.1 – 6.1
- mandrakesoft / mandrake_linux7.0 – 7.0
- mandrakesoft / mandrake_linux7.1 – 7.1
- RedHat / linux5.2 – 5.2
- RedHat / linux5.2 – 5.2
- RedHat / linux5.2 – 5.2
- RedHat / linux6.0 – 6.0
- RedHat / linux6.0 – 6.0
- RedHat / linux6.0 – 6.0
- RedHat / linux6.1 – 6.1
- RedHat / linux6.1 – 6.1
- RedHat / linux6.1 – 6.1
- RedHat / linux6.2 – 6.2
- RedHat / linux6.2 – 6.2
- RedHat / linux6.2 – 6.2
References
- MISCftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-021.0.txt
- VENDOR_ADVISORYhttp://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:015
- MISChttp://www.redhat.com/support/errata/RHSA-2000-041.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/4900
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html
- MISChttp://www.securityfocus.com/bid/1434