[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LYNX-DEV security patches for lynx2.7.1 vulnerability wanted?
From: |
John Saroglou |
Subject: |
LYNX-DEV security patches for lynx2.7.1 vulnerability wanted? |
Date: |
Tue, 15 Jul 1997 16:00:15 -0400 |
Greetings...
Are there any patches that address the security issue as described in
CERT* Vendor-Initiated Bulletin VB-97.05 dated July 15, 1997 (see below).
I'm wondering if such patches have been applied to the present/next
release of lynx distribution. If so, where can I grab a copy from?
Thanks in advance.
( John Saroglou E-Mail: address@hidden )
( CCS - Unix Support Voice: (416)736-5257 )
( -- The journey of thousand miles must begin with a single step -- )
=======================FORWARDED TEXT STARTS HERE============================
I. Description
Lynx typically stores persistent temporary files in /tmp on Un*x
systems. The filenames Lynx chooses can be predicted, and another
user on the system may be able to exploit a race condition to replace
the temporary file with a symbolic link or with another file.
Installed versions of Lynx where a directory writeable by other users
(such as /tmp on a machine to which multiple users have access) is used
to store files during download are vulnerable. This vulnerability can
only be exploited by a user with access to an account on the machine
running Lynx.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- LYNX-DEV security patches for lynx2.7.1 vulnerability wanted?,
John Saroglou <=