Description
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
Affected products
- Debian / debian_linux2.2 – 2.2
- gnu / enscript1.6.1
- RedHat / linux6.1 – 6.1
- RedHat / linux6.2 – 6.2
- RedHat / linux7.0 – 7.0
- RedHat / linux7.1 – 7.1
- RedHat / linux7.2 – 7.2
- RedHat / linux6.0 – 6.0
References
- VENDOR_ADVISORYhttp://www.securityfocus.com/advisories/3818
- MISChttp://www.securityfocus.com/bid/3920
- MISChttp://www.redhat.com/support/errata/RHSA-2002-012.html
- VENDOR_ADVISORYhttp://www.debian.org/security/2002/dsa-105
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7932
- MISChttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3