Vulnerability Note VU#417216
sort creates temporary files insecurely
The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack.
The UNIX sort utility creates temporary files with predictable names. The files are created in a manner that prevents information loss via a symlink attack, but if a file with the expected name already exists, the creation fails and sort aborts.
By crashing the sort utility, an intruder may be able to block the operation of system administration programs.
Apply vendor patches; see the Systems Affected section below.
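The failure mode described above, next to a creation routine that does not depend on a guessable name. This is an added example, not code from sort or from any vendor patch; the `srt<pid>` name format, the function names and the scratch directory are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Pattern the note describes: predictable name, exclusive create, give up if taken.
   The "srt<pid>" format is a constructed stand-in, not sort's real naming scheme. */
int open_tmp_predictable(const char *dir, long pid, char *path, size_t n)
{
    snprintf(path, n, "%s/srt%05ld", dir, pid);
    /* O_EXCL refuses an existing file or symlink, so nothing is overwritten,
       but an occupied name makes this return -1 with errno == EEXIST. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Hardened form: mkstemp() picks an unpredictable name and retries on collision. */
int open_tmp_hardened(const char *dir, char *path, size_t n)
{
    snprintf(path, n, "%s/srtXXXXXX", dir);
    return mkstemp(path);
}

/* Constructed scenario in a private scratch directory: returns 1 when the
   predictable open is refused by an existing file and the hardened open succeeds. */
int demo_blocked_then_fixed(void)
{
    char dir[] = "/tmp/vu417216-XXXXXX", p1[256], p2[256];
    if (!mkdtemp(dir)) return -1;
    long pid = (long)getpid();
    snprintf(p1, sizeof p1, "%s/srt%05ld", dir, pid);
    int pre = open(p1, O_WRONLY | O_CREAT, 0600);   /* expected name already exists */
    if (pre < 0) return -1;
    close(pre);
    int legacy = open_tmp_predictable(dir, pid, p1, sizeof p1);
    int legacy_errno = errno;
    int fixed = open_tmp_hardened(dir, p2, sizeof p2);
    int ok = (legacy == -1 && legacy_errno == EEXIST && fixed >= 0);
    if (fixed >= 0) { close(fixed); unlink(p2); }
    unlink(p1); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("predictable blocked, mkstemp ok: %d\n", demo_blocked_then_fixed());
    return 0;
}
```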
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apple Computer Inc.|Affected|13 Jun 2001|04 Oct 2001|
|FreeBSD|Affected|23 Apr 2001|14 Aug 2001|
|FreeBSD|Affected|30 Jan 2001|12 Jun 2001|
|Hewlett-Packard Company|Affected|13 Jun 2001|27 Jul 2001|
|SGI|Affected|13 Jun 2001|29 May 2003|
|The SCO Group (SCO Linux)|Affected|13 Jun 2001|29 Jan 2002|
|The SCO Group (SCO UnixWare)|Affected|13 Jun 2001|29 May 2003|
|Fujitsu|Not Affected|13 Jun 2001|20 Jun 2001|
|Sun Microsystems Inc.|Not Affected|13 Jun 2001|27 Jul 2001|
|BSDI|Unknown|13 Jun 2001|14 Aug 2001|
|Data General|Unknown|13 Jun 2001|14 Aug 2001|
|Debian|Unknown|13 Jun 2001|24 Jul 2001|
|DEC|Unknown|13 Jun 2001|14 Aug 2001|
|IBM|Unknown|13 Jun 2001|14 Aug 2001|
|NEC Corporation|Unknown|13 Jun 2001|24 Jul 2001|
This vulnerability was identified by FreeBSD.
This document was last modified by Tim Shimeall.
- CVE IDs: CVE-2001-0310
- Date Public: 30 Jan 2001
- Date First Published: 20 Aug 2001
- Date Last Updated: 29 May 2003
- Severity Metric: 0.84
- Document Revision: 13