Description
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Affected products
- mandrakesoft / mandrake_linux10.1 – 10.1
- mandrakesoft / mandrake_linux9.2 – 9.2
- mandrakesoft / mandrake_linux9.2 – 9.2
- mandrakesoft / mandrake_linux10.0 – 10.0
- mandrakesoft / mandrake_linux10.0 – 10.0
- mandrakesoft / mandrake_linux10.1 – 10.1
- mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
- mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
- PostgreSQL / postgresql7.3.0 – 7.3.8
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux3.0 – 3.0
- RedHat / enterprise_linux_desktop3.0 – 3.0
- trustix / secure_linux2.0 – 2.0
- trustix / secure_linux2.1 – 2.1
References
- MISChttp://www.securityfocus.com/bid/11295
- VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-577
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:149
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- MISChttp://www.trustix.org/errata/2004/0050
- MISChttp://security.gentoo.org/glsa/glsa-200410-16.xml
- VENDOR_ADVISORYhttps://www.ubuntu.com/usn/usn-6-1/
- MAILING_LISThttp://marc.info/?l=bugtraq&m=109910073808903&w=2
- MISChttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
- MISChttp://www.redhat.com/support/errata/RHSA-2004-489.html