Compaq Tru64 patches for CERT VU#10277From: Roberts Ross (Ross.Roberts@alcatel.com)
- Previous message: firstname.lastname@example.org: "Long path exploit on NTFS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Roberts Ross <Ross.Roberts@alcatel.com> To: "'email@example.com'" <firstname.lastname@example.org> Date: Wed, 30 Jan 2002 11:27:26 -0500
Compaq apparently released patches for the above mentioned vulnerability
(and possibly some others) in the last day or two. I saw no mention of this
so I thought I would throw it out.
From the CERT info on the vulnerability:
Vulnerability Note VU#10277
Various shells create temporary files insecurely when using << operator
sh uses /tmp files of a predictable name in creating files for input
redirection using the << operator.
http://www.tru64unix.compaq.com/unix/security-download.html for the
http://ftp.support.compaq.com/patches/.new/unix.shtml for the actual
-- -Ross Roberts Unix/Network Administrator Alcatel Telecommunications Cable