[22149] in bugtraq


rcs2log

daemon@ATHENA.MIT.EDU (Morten Welinder)
Tue Aug 7 17:06:22 2001

Date: 7 Aug 2001 20:10:05 -0000
Message-ID: <20010807201005.29624.qmail@tyr.diku.dk>
From: Morten Welinder <terra@diku.dk>
To: bugtraq@securityfocus.com


I have been sitting on this one for half a year.  Time to disclose
it.

rcs2log uses files in /tmp insecurely.

This was reported to the Emacs maintainers an aeon or two ago.
Current prereleases have a fix.  (And have had it for at least half
a year.)

NOTE NOTE NOTE: there seem to be quite a few sources for rcs2log
out there.  A SuSE 6.3 (I think) seems to install three different
versions in four different spots.

Morten


xyz:~> ls -l `locate rcs2log`
-rwxr-xr-x   1 root     root        17927 Nov  8  1999 /usr/bin/rcs2log
-rwxr-xr-x   1 root     root        17927 Nov  8  1999 /usr/lib/cvs/contrib/rcs2log
-rwxr-xr-x   1 root     root        17902 Nov  8  1999 /usr/lib/emacs/20.4/i386-suse-linux/rcs2log
-rwxr-xr-x   1 root     root        17357 Feb  8  2001 /usr/lib/xemacs/21.1.10/i386-suse-linux/rcs2log
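
Following up on the note above about several rcs2log copies in different locations, here is an added example (not part of the original post and not rcs2log code): a shell helper that inventories every copy under the given directories, groups them by checksum, and marks copies for review. The REVIEW heuristic (a PID-based temp name with no mktemp or restrictive umask) and the sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory rcs2log copies so each distinct version is reviewed once.
# Heuristic (assumption, not from the advisory): a copy that builds a temp name
# from the shell PID ($$) and uses neither mktemp nor "umask 077" is marked REVIEW.

audit_rcs2log() {   # usage: audit_rcs2log DIR...   prints: STATUS CRC-SIZE PATH
    find "$@" -type f -name rcs2log 2>/dev/null | sort | while IFS= read -r f; do
        sum=$(cksum < "$f" | tr ' ' '-')
        if grep -Eq '(tmp|TMP)[^ ]*\$\$' "$f" && ! grep -Eq 'mktemp|umask 0?77' "$f"; then
            status=REVIEW
        else
            status=ok
        fi
        printf '%s %s %s\n' "$status" "$sum" "$f"
    done
}

distinct_versions() {   # number of different file contents among the copies found
    audit_rcs2log "$@" | awk '{print $2}' | sort -u | wc -l | tr -d ' '
}

make_samples() {   # constructed stand-ins under $1, not real rcs2log source
    mkdir -p "$1/bin" "$1/cvs" "$1/emacs"
    printf '%s\n' '#!/bin/sh' 'out=${TMPDIR-/tmp}/rcs2log$$' \
        'rlog "$@" > $out' > "$1/bin/rcs2log"
    cp "$1/bin/rcs2log" "$1/cvs/rcs2log"          # same version, second location
    printf '%s\n' '#!/bin/sh' 'd=${TMPDIR-/tmp}/rcs2log$$' \
        '(umask 077 && mkdir "$d") || exit 1' > "$1/emacs/rcs2log"
}

# Demo on the constructed samples; on a real host pass real roots, e.g. /usr /opt
demo=$(mktemp -d) && make_samples "$demo" && audit_rcs2log "$demo"
echo "distinct versions: $(distinct_versions "$demo")"
rm -rf "$demo"
```

A REVIEW line means the copy should be read by hand and compared with a fixed release; an ok line only means the heuristic did not match.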
