Vulnerability Note VU#417216

sort creates temporary files insecurely

Original Release date: 20 Aug 2001 | Last revised: 29 May 2003

Overview

The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack.

Description

The UNIX sort utility creates temporary files with predictable names. The files are created in a way that prevents information loss through a symlink attack, but if a file with the expected name already exists, the creation fails and sort aborts.
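
The failure mode described above, shown beside a hardened form, as an added example that is not code from sort or from any vendor patch. The file name format "sort_demo_<pid>", the scratch directory under /tmp and all function names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Pattern from the note: guessable name + O_EXCL. O_EXCL never follows a
 * symlink or reuses a file, so no data is lost, but an existing name makes
 * the open fail with EEXIST, and a caller that aborts on that is blocked. */
static int open_predictable(const char *dir, char *path, size_t len)
{
    /* "sort_demo_<pid>" is a hypothetical name format, not sort's own */
    snprintf(path, len, "%s/sort_demo_%ld", dir, (long)getpid());
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Hardened form: mkstemp() picks an unpredictable suffix and creates the
 * file exclusively, so a guessed name cannot be occupied in advance. */
static int open_unpredictable(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/sort_demo_XXXXXX", dir);
    return mkstemp(path);
}

/* Returns 1 when the predictable open fails with EEXIST and mkstemp()
 * succeeds in the same directory; 0 otherwise; -1 on setup failure. */
int demo_name_collision(void)
{
    char dir[] = "/tmp/vu417216_XXXXXX", taken[128], fresh[128];
    if (mkdtemp(dir) == NULL) return -1;        /* private scratch dir */

    /* Constructed condition: the predictable name already exists. */
    int fd = open_predictable(dir, taken, sizeof taken);
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    errno = 0;
    int fd1 = open_predictable(dir, taken, sizeof taken);
    int blocked = (fd1 < 0 && errno == EEXIST);
    if (fd1 >= 0) close(fd1);
    int fd2 = open_unpredictable(dir, fresh, sizeof fresh);
    int ok = (fd2 >= 0);
    if (ok) { close(fd2); unlink(fresh); }
    unlink(taken);
    rmdir(dir);
    return blocked && ok;
}

int main(void) { printf("%d\n", demo_name_collision()); return 0; }
```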

Impact

By crashing the sort utility, an intruder may be able to block the operation of system administration programs.

Solution

Apply vendor patches; see the Systems Affected section below.

Systems Affected

Vendor                        Status        Date Notified  Date Updated
Apple Computer Inc.           Affected      13 Jun 2001    04 Oct 2001
FreeBSD                       Affected      23 Apr 2001    14 Aug 2001
FreeBSD                       Affected      30 Jan 2001    12 Jun 2001
Hewlett-Packard Company       Affected      13 Jun 2001    27 Jul 2001
SGI                           Affected      13 Jun 2001    29 May 2003
The SCO Group (SCO Linux)     Affected      13 Jun 2001    29 Jan 2002
The SCO Group (SCO UnixWare)  Affected      13 Jun 2001    29 May 2003
Fujitsu                       Not Affected  13 Jun 2001    20 Jun 2001
Sun Microsystems Inc.         Not Affected  13 Jun 2001    27 Jul 2001
BSDI                          Unknown       13 Jun 2001    14 Aug 2001
Data General                  Unknown       13 Jun 2001    14 Aug 2001
Debian                        Unknown       13 Jun 2001    24 Jul 2001
DEC                           Unknown       13 Jun 2001    14 Aug 2001
IBM                           Unknown       13 Jun 2001    14 Aug 2001
NEC Corporation               Unknown       13 Jun 2001    24 Jul 2001

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was identified by FreeBSD.

This document was last modified by Tim Shimeall.

Other Information

  • CVE IDs: CVE-2001-0310
  • Date Public: 30 Jan 2001
  • Date First Published: 20 Aug 2001
  • Date Last Updated: 29 May 2003
  • Severity Metric: 0.84
  • Document Revision: 13

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.