Bugtraq mailing list archives

Re: /bin/ksh creates insecure tmp files


From: "J.A. Gutierrez" <spd () GTC1 CPS UNIZAR ES>
Date: Thu, 21 Dec 2000 11:39:00 +0200

Demonstration (ksh is vulnerable if the size of silly.1 is changed):

        Vulnerable:

        Version M-11/16/88f-beta4 (IRIX 6.2, patchSG0002882)
        Version 11/16/88f (IRIX 6.5.5)
        Version M-11/16/88f (IRIX 6.5.7)
        Version 11/16/88 (HP-UX B.09.00)
        Version M-11/16/88f (Tru64 5.0)
        Version M-11/16/88i (Solaris 7)
        Version 11/16/88i (Solaris 2.5)

        Not vulnerable:

        Version 1993-12-28 j (ast-ksh.2000-06-01 (ATT), Linux)
        Version M-11/16/88i (Solaris 8)
        Version 11/16/88 (HP-UX B.11.00)

--
finger spd () gtc1 cps unizar es for PGP       /              So be easy and free
.mailcap tip of the day:                   /      when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null       /            (the pogues)

