OSVDB ID: 6491

Title: GNU ed tmpfile Symlink Arbitrary File Overwrite

Info

Dates

Disclosure: Dec 11, 2000
Discovery: Unknown
Exploit: Dec 11, 2000
Solution: Unknown

Description

GNU ed contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a user creates a symlink to a temporary file and the system is halted before the file is saved. This flaw may lead to a loss of integrity and availability.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Upgrade to version 0.2-19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

GNU ed 0.2-18.1

References

Credit

  • Christer Öberg - Wkit Security AB
  • Patrik Birgersson - Wkit Security AB


Direct URL: http://osvdb.org/6491