CVE

Id
1075  
CVE No.
CVE-1999-1095  
Status
Candidate  
Description
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.  
Phase
Proposed (20010912)  
Votes
MODIFY(1) Frech | NOOP(3) Christey, Cole, Foat  
Comments
Frech> XF:sort-tmp-file-symlink(7182) | Christey> This issue clearly has a long history. | CALDERA:CSSA-2002-SCO.21 | URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0018.html | CALDERA:CSSA-2002-SCO.2 | URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0002.html | (There are 2 Caldera advisories because one is for Open UNIX | and UnixWare, and the other is for OpenServer) | | XF:openserver-sort-symlink(9218) | URL:http://www.iss.net/security_center/static/9218.php  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
2777 1075 CVE-1999-1095 BUGTRAQ:19971006 KSR[T] Advisory #3: updatedb / crontabs  View
2778 1075 CVE-1999-1095 URL:http://marc.info/?l=bugtraq&m=87619953510834&w=2  View
2779 1075 CVE-1999-1095 BUGTRAQ:19980303 updatedb stuff  View
2780 1075 CVE-1999-1095 URL:http://marc.info/?l=bugtraq&m=88890116304676&w=2  View
2781 1075 CVE-1999-1095 BUGTRAQ:19980303 updatedb: sort patch  View
2782 1075 CVE-1999-1095 BUGTRAQ:19980302 overwrite any file with updatedb  View

Related JVN