[24029] in bugtraq
Compaq Tru64 patches for CERT VU#10277
daemon@ATHENA.MIT.EDU (Roberts Ross)
Wed Jan 30 12:05:48 2002
Message-ID: <98020C834B13D511898100508BB89CA9454887@clrexchange.uscable.alcatel.com>
From: Roberts Ross <Ross.Roberts@alcatel.com>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Wed, 30 Jan 2002 11:27:26 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Compaq apparently released patches for the above mentioned vulnerability
(and possibly some others) in the last day or two. I saw no mention of this
so I thought I would throw it out.
From the CERT info on the vulnerability:
Vulnerability Note VU#10277
Various shells create temporary files insecurely when using << operator
Overview
sh uses /tmp files of a predictable name in creating files for input
redirection using the << operator.
http://www.tru64unix.compaq.com/unix/security-download.html for the
patch/security information;
http://ftp.support.compaq.com/patches/.new/unix.shtml for the actual
patches.
--
-Ross Roberts
Unix/Network Administrator
Alcatel Telecommunications Cable
