[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] ispell temp file creation
- To: linux-security
- Subject: [linux-security] ispell temp file creation
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 14 Jun 2001 17:11:53 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
insecure creation of temporary files by ispell.
Problem Description
===================
The ispell program uses mktemp() to open temporary files - this makes it
vulnerable to symlink attacks.
The new version now uses mkstemp(), and also switches from gets() to fgets()
in two locations dealing with user input. The patches for ispell are from
OpenBSD.
Affected Systems
================
All versions of ispell <= 3.1.20
RedHat 7.x is not vulnerable (doesn't use ispell)
Solution
========
upgrade to patched versions
RedHat 6.x
----------
rpm -Fvh ispell-3.1.20-27.i386.rpm \
ispell-catalan-3.1.20-27.i386.rpm \
ispell-czech-3.1.20-27.i386.rpm \
ispell-danish-3.1.20-27.i386.rpm \
ispell-dutch-3.1.20-27.i386.rpm \
ispell-esperanto-3.1.20-27.i386.rpm \
ispell-french-3.1.20-27.i386.rpm \
ispell-german-3.1.20-27.i386.rpm \
ispell-greek-3.1.20-27.i386.rpm \
ispell-italian-3.1.20-27.i386.rpm \
ispell-norwegian-3.1.20-27.i386.rpm \
ispell-polish-3.1.20-27.i386.rpm \
ispell-portuguese-3.1.20-27.i386.rpm \
ispell-russian-3.1.20-27.i386.rpm \
ispell-spanish-3.1.20-27.i386.rpm \
ispell-swedish-3.1.20-27.i386.rpm \
ispell-dicts-3.1.20-27.i386.rpm