[20501] in bugtraq
More nedit problems ? (was Re: PROGENY-SA-2001-10...)
daemon@ATHENA.MIT.EDU (Jarno Huuskonen)
Sat Apr 28 13:27:02 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010428115016.A162140@messi.uku.fi>
Date: Sat, 28 Apr 2001 11:50:16 +0300
Reply-To: Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
From: Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010427152836.EC2D814150@albus.indy.progeny.com>; from
security@PROGENY.COM on Fri, Apr 27, 2001 at 10:28:36AM -0500
On Fri, Apr 27, Progeny Security Team wrote:
> NEdit, a popular GUI editor, insecurely opens a file in /tmp for
> printing purposes. This vulnerability could be used by a local
> attacker to cause a privileged user to unwittingly overwrite a file
> (via a symbolic link) to which the user has write access.
With google search for 'nedit security' I found this:
http://www.nedit.org/archives/develop/2001-Feb/0391.html
It looks like that NEdit has also problems when creating incremental backups
and backup files (.bck) (If somebody can create symlinks in the same
directory).
-Jarno
