shadow-utils useradd creates temporary files insecurely
Overview: Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
mgetty creates temporary files insecurely
Overview: mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...
CVE-2001-0409
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world-writable directory...
CVE-2001-0409
The CVE-2001-0409 vulnerability affects vim (aka gvim). It allows a local attacker to modify files being edited by other users via a symlink attack on swap/backup files when the victim edits a file in a world-writable directory. The underlying issue is a symlink race during edit sessions, enablin...
CVE-1999-1403
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files...
CVE-1999-1338
CVE-1999-1338 affects the Delegate proxy up to version 5.9.3. The vulnerability arises because the proxy creates files and directories in the DGROOT with world-writable permissions, enabling potential unauthorized modification or access. The supplied documents do not specify affected platforms, v...
CVE-1999-1536
.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file...
CVE-1999-1173
CVE-1999-1173 affects Corel WordPerfect 8 for Linux, where a temporary working directory is created with world-writable permissions. This can let local users (1) modify WordPerfect behavior by changing files in the working directory, or (2) modify other users’ files via a symlink attack. The prov...
CVE-1999-1429
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver...
CVE-1999-1546
netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable...
CVE-1999-1274
iPass RoamServer 3.1 creates temporary files with world-writable permissions...
CVE-1999-1274
The CVE-1999-1274 entry affects iPass RoamServer 3.1, describing that it creates temporary files with world-writable permissions. This is the stated vulnerability detail; no explicit root cause, impact, affected versions beyond the version number, or remediation are provided in the supplied docum...
CVE-1999-1338
Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions...
CVE-1999-1095
The CVE-1999-1095 entry concerns the sort utility. It describes that sort creates temporary files and follows symbolic links, enabling a local user to modify arbitrary files writable by the user running sort. This impact is observed in updatedb and other programs that invoke sort. The documents d...
CVE-2001-1069
libCoolType library as used in Adobe Acrobat acroread on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior...
Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Adobe Acrobat creates world writable ~/AdobeFnt.lst files. This problem is present in at least the Linux version: ftp://ftp.adobe.com/pub/adobe/acrobatreader/unix/4.x/linux-ar-405.tar.gz Even with umask as restrictive as 077, the Adobe binary explicitly creates and changes the AdobeFnt.lst file in...
slackware.init.txt
I posted this to the linux kernel mailing last Friday, July 13th 2001: Submitted by : Josh [email protected], lockdown [email protected] on July 16th, 2001 Vulnerability : /lib/modules/2.4.5/modules.dep Tested On : Slackware 8.0. 2.4.5 Local : Yes Remote : No Temporary Fix : umask 022 at...
Slackware /usr/bin/man vulnerability
The following advisory was sent to slackware July 11th, 2001, they failed to respond so I hope the temporary patch will make do: Submitted by : Josh [email protected], lockdown [email protected] zen-parse [email protected] Vulnerability : /usr/bin/man Tested On : Slackware 8.0 and before...
2.4.x/Slackware Init script vulnerability
I posted this to the linux kernel mailing last Friday, July 13th 2001: Submitted by : Josh [email protected], lockdown [email protected] on July 16th, 2001 Vulnerability : /lib/modules/2.4.5/modules.dep Tested On : Slackware 8.0. 2.4.5 Local : Yes Remote : No Temporary Fix : umask 022 at...
FreeBSD-SA-01:47.xinetd
FreeBSD-SA-01:47 Security Advisory FreeBSD, Inc. Topic: xinetd contains multiple vulnerabilities Category: ports Module: xinetd Announced: 2001-07-10 Credits: [email protected] Affects...