6423193 2001-04-27 10:28 -0500 /172 rader/ Progeny Security Team <security@PROGENY.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-04-28 00:51 av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: security@PROGENY.COM
Mottagare: Bugtraq (import) <16824>
Ärende: PROGENY-SA-2001-10: Older versions of NEdit make insecure use of
------------------------------------------------------------
temp files
From: Progeny Security Team <security@PROGENY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010427152836.EC2D814150@albus.indy.progeny.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
---------------------------------------------------------------------------
PROGENY SERVICE NETWORK -- SECURITY ADVISORY PROGENY-SA-2001-10
---------------------------------------------------------------------------
Synopsis: Older versions of NEdit make insecure use of temp files
Software: nedit
History:
2001-04-27 Update available in Progeny archive
Affects: Progeny Debian (nedit prior to 5.1.1-1.0progeny1)
Progeny Only: NO
Vendor-Status: New Version Released
5.1.1-1.0progeny1
$Id: PROGENY-SA-2001-10,v 1.1 2001/04/27 15:09:05 jdaily Exp $
---------------------------------------------------------------------------
DESCRIPTION
NEdit, a popular GUI editor, insecurely opens a file in /tmp for
printing purposes. This vulnerability could be used by a local
attacker to cause a privileged user to unwittingly overwrite a file
(via a symbolic link) to which the user has write access.
SOLUTION (See also: UPDATING VIA APT-GET)
If you have NEdit installed, upgrade to a fixed version of nedit.
nedit version 5.1.1-1.0progeny1 corrects the problem. For your
convenience, you may upgrade to the new package.
If you aren't sure if you have NEdit installed, type:
dpkg -l nedit
...at a command prompt. If you don't have it installed, you can
disregard this warning.
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. Using apt(8), install the new package. apt(8) will download the
update, verify its integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install nedit
UPDATING VIA DPKG
1. Using your preferred FTP/HTTP client to retrieve the following
updated files from Progeny's update archive at:
http://archive.progeny.com/progeny/updates/newton/
MD5 Checksum Filename
-------------------------------- -------------------------------------
142a511170fbf30ce2881d362787658a nedit_5.1.1-1.0progeny1_i386.deb
Example:
# wget \
http://archive.progeny.com/progeny/updates/newton/nedit_5.1.1-1.0progeny1_i386.deb
2. Use the md5sum command on the retrieved files to verify that they
match the md5sum provided in this advisory:
Example:
# md5sum nedit_5.1.1-1.0progeny1_i386.deb
3. Then install the replacement package(s) using the dpkg command.
Example:
# dpkg --install nedit_5.1.1-1.0progeny1_i386.deb
WORKAROUND
Other than removing the nedit software, no known workaround exists for
this vulnerability.
MORE INFORMATION
Progeny advisories can be found at http://www.progeny.com/security/.
---------------------------------------------------------------------------
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team
<security@progeny.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDrKpVkRBACS4/hjUliUt9UGTHMUGSZpQlKfBk9OFHmyLHTdjyIBCWRMmOBn
RRhag0FgPicVIDndoQvYw3+ESC/RtbuPCBf6DZ7S0+NHhm1SHEbZyHFLkRXJm+IS
29oFmKrfXnXHckCrJFDZbOznRF6dVe7hV8CYi3FtoTjlRbuiHPQCMuy4ewCghAfv
eYxfB25AoTdBT7WiG8jd4w8D/iFweuqzTwcWtXEgDbDd21W9hNPLEELgguimCCdP
l3GHqw/MUJpIvdYfYhCzTaf4VpvkM5xlJGAcelCUL9qAufwyU8U8JI2YzlbqSlO8
qRwaiwq9qisTKEBb3IQadFqug+ihVdUeP8cuXPvbUEbFt7ILWyUD/kntgFdf1Apo
zZWlA/0SM45hV6yomcM7z08tyh4hZTrWX/RUJqe+U1niNAmzPg4P+r8SfXdIkjb2
fZT5h5cYLIiK+kUEkqyPmZwUlgMCCn4IYVd2pcKXKXWE8ympuf3E5wGYeiVpLBM/
th7qdEF87sViV8McfiRuXEonYrs1nSQZX+f4OxvTQqaP46u10rQsUHJvZ2VueSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBwcm9nZW55LmNvbT6IVwQTEQIAFwUCOsql
WQULBwoDBAMVAwIDFgIBAheAAAoJEEnBfSP5LU0f/sUAnjDpQs5SnFotNJ7GeIWx
Ftf7AvBBAJ0cygWS0XRXxJJq2PKbCbdln+i4d7kEDQQ6yqcjEBAA465SSuC/yvN7
WeZAN9XperqZtxLCVe8hLfrLZ+9/Xn2ysuEEe90rYe1X0HbsB/mInHF3VmT+XvHB
VdDQ7o0VMw7aeDgprt3jDQgT8gIesSOhZvulDujmLhykE+FT/V4lKpqO8prv7Ujs
AfuC7g/X2dcV1+imNOeivLaCM0+HrwUhdvifWFDwE97wBkrda/vhu9zs3NwMeBVN
UYfkRLPm+DGUSQVrteNiYJchhqfJB0mjrd+3FgnpCVgdU4c42epZ2ez/WTgTchoT
duMCd1sM9gzvQIih56KzxlGL82PVS2m0PNxSQ8iZpheMMGWregjpjpMRcrRbSXy+
WmPBacOiE/MyxXand+lGzig/9Srm6msUT5jE/lDcfySznJWH8B/fqD7KM5Z0ZM+b
3xV0PzGyMld+m3BfGolqsd5bpo8HaWCWsZVYfgdXjoDPYptsoPdLesN6WIAHA1kU
n2kckccz4xOoI/8MqKhkzZe0q5a9sv6RLBWDeVLxJnDuXZgcwCc4OvpcR4HnOE7c
U5VsyjYwTkzGWWuQxb8uxng3akHTK2PqeZAnC0tvtuwI7QFhOq/dzz+zHzVH2+Qh
55Aq6DjA9yEs3P7g31wb3duGdWtuIXn+N85GiJdZ1EmJESQCuOYOSHsV4bGxKcpg
PIpoSr5QBAUtUOTwN+xC8nNjZtC5OzsAAwYP/1OD/eiEraGpy7Z9scgXBjjb1kly
tgq06zGlSMWPEQoN3F87YeMiOsXSeDxJG+cnhvlys1Qoytp9/drsDLANi+Q61A/b
aka2IJLudiDu4iUDFb1rgRUERBciA31karPf2IwNjdU8lbulHfxQcjtjj7rbSWOG
gxzlPcLp2F5ee3h0qs+XW4UpD6K9f/u9gGT4nMr3owG06uNomlBAsGCVpk9XlRxG
x96161vrbmTPUx/o6NhqHNuf5Zh8ZmxQ3PYydywiE9njOtS04TTad24qbdPlVQh2
kjkTdsMCFRGaAB8EYImMT3F0ofon1Q/XWZrRlhkZpzuAKLhdSOW5G+tygNy2IqsH
wCYa/rDitYZeNN4EUb5At4HnSBCy86GFQgj+sDFO6yp+h7NLIMeTm0csaSbKEt6o
cbn0iMaRbLdHmAm0UHATPho+M2brf3mTztvAPONta2FC9TP1L1ojTDd4mtO9IcdM
hjOVqNbuyLXkWgPcSmwhhjB61p3/1M1Y/zfXxLOsi/XJlstYzzKzHa68F1e9dTEz
kgeYo1hG5TqMKv1sXfPJHw4N/QVcLoUlpUJZ/kI2OQD5mAhCCZ9PbT2fT4gLhy7U
sn0blh/R/0HFSFDwHgmx8mNfw7w0qFbba9/FEE8D5qhyyCx5KTk0OkvRL9OpzO7E
jzjdcfb6B2XpgSC8iEYEGBECAAYFAjrKpyMACgkQScF9I/ktTR90vgCggiX108DO
S3rhSkmfFuHey8w4RlIAn3nD+uCe+sjCFqVwb+LY2jO3ybjB
=6dRm
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjrpjJYACgkQScF9I/ktTR9oGgCeLmLPg0Cjqv75xPWnfxFSFIMF
k2MAn33UrFHOpqt0UZEx3dwH2MW8xWtl
=/d5G
-----END PGP SIGNATURE-----
(6423193) /Progeny Security Team <security@PROGENY.COM>/(Ombruten)
Kommentar i text 6424986 av Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
6424986 2001-04-28 11:50 +0300 /20 rader/ Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
Sänt av: joel@lysator.liu.se
Importerad: 2001-04-28 19:05 av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: Jarno.Huuskonen@UKU.FI
Mottagare: Bugtraq (import) <16837>
Kommentar till text 6423193 av Progeny Security Team <security@PROGENY.COM>
Ärende: More nedit problems ? (was Re: PROGENY-SA-2001-10...)
------------------------------------------------------------
From: Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010428115016.A162140@messi.uku.fi>
On Fri, Apr 27, Progeny Security Team wrote:
> NEdit, a popular GUI editor, insecurely opens a file in /tmp for
> printing purposes. This vulnerability could be used by a local
> attacker to cause a privileged user to unwittingly overwrite a file
> (via a symbolic link) to which the user has write access.
With google search for 'nedit security' I found this:
http://www.nedit.org/archives/develop/2001-Feb/0391.html
It looks like that NEdit has also problems when creating incremental
backups and backup files (.bck) (If somebody can create symlinks in
the same directory).
-Jarno
(6424986) /Jarno Huuskonen <Jarno.Huuskonen@UKU.FI>/(Ombruten)