Title: GNU Ed Insecure Temporary File Creation Vulnerability
Severity: MODERATE
Description:
GNU ed creates temporary files in an insecure way. An attacker with local access could potentially exploit this issue to perform symlink attacks upon a file, overwriting it in the context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.
GNU ed 0.3 and prior versions are vulnerable to this issue.
Affected Products:
- GNU Ed 0.2.0
- RedHat Fedora Core5
- RedHat Fedora Core6
- Trustix Operating System Enterprise Server 2.0
- Trustix Secure Linux 2.2.0
- Trustix Secure Linux 3.0.0
- rPath rPath Linux 1
References:
- CVE: CVE-2006-6939
- GNU: GNU Homepage
- rPath: ed temporary file symlink race CVE-2006-6939
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
