[18277] in bugtraq
Re: /bin/ksh creates insecure tmp files
daemon@ATHENA.MIT.EDU (J.A. Gutierrez)
Thu Dec 21 13:54:03 2000
Message-ID: <200012210939.LAA05209@gtc1.cps.unizar.es>
Date: Thu, 21 Dec 2000 11:39:00 +0200
Reply-To: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200012202211.JAA25620@milan.maths.usyd.edu.au> from "Paul Szabo"
at Dec 21, 0 09:11:37 am

> Demonstration (ksh is vulnerable if the size of silly.1 is changed):

Vulnerable:

    Version M-11/16/88f-beta4 (IRIX 6.2, patchSG0002882)
    Version 11/16/88f (IRIX 6.5.5)
    Version M-11/16/88f (IRIX 6.5.7)
    Version 11/16/88 (HP-UX B.09.00)
    Version M-11/16/88f (Tru64 5.0)
    Version M-11/16/88i (Solaris 7)
    Version 11/16/88i (Solaris 2.5)

Not vulnerable:

    Version 1993-12-28 j (ast-ksh.2000-06-01 (ATT), Linux)
    Version M-11/16/88i (Solaris 8)
    Version 11/16/88 (HP-UX B.11.00)

--
finger spd@gtc1.cps.unizar.es for PGP / So be easy and free
.mailcap tip of the day: / when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null / (the pogues)