Info

Disclosure

Mar 18, 2001

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenBSD contains a flaw that may allow a malicious user to obtain sensitive information. The problem is that the readline library creates history files with insecure permissions. This may result in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products

OpenBSD	OpenBSD	2.7
		2.8

References

CVE ID: 2001-0378 (see also: NVD)
ISS X-Force ID: 6586
Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/040_readline.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch http://archives.neohapsis.com/archives/openbsd/2001-03/1627.html
Other Advisory URL: http://www3.ca.com/threatinfo/vulninfo/Vuln.aspx?ID=3509

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/5680