US-CERT Vulnerability Notes Database


Vulnerability Note VU#417216

sort creates temporary files insecurely

Overview

The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack.

I. Description

The UNIX sort utility creates temporary files with predictable names. The files are created in a way that prevents information loss via a symlink attack, but if a file with the predicted name already exists, the creation fails and sort aborts.
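
An added illustration, not code from this note or from any vendor's sort: the creation pattern described above next to the mkstemp() form that avoids the failure. The `sort.<pid>` naming scheme, the function names and the scratch directory are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp(), mkdtemp() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Pattern from the Description: predictable name, exclusive create.
 * O_CREAT|O_EXCL refuses an existing path (a symlink included), so nothing
 * is overwritten, but a name that is already taken leaves no fallback.
 * The "sort.<pid>" scheme is an assumption for illustration. */
int open_predictable(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/sort.%ld", dir, (long)getpid());
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Hardened form: mkstemp() fills in a random suffix, creates the file
 * exclusively with mode 0600, and retries internally on a collision. */
int open_unpredictable(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/sort.XXXXXX", dir);
    return mkstemp(path);
}

/* Returns 1 when an already-existing file at the predictable path makes
 * open_predictable() fail with EEXIST while open_unpredictable() succeeds. */
int demo(void)
{
    char dir[] = "/tmp/vu417216.XXXXXX";  /* constructed scratch directory */
    char p1[256], p2[256];
    int ok = 0;
    if (mkdtemp(dir) == NULL) return 0;
    int pre = open_predictable(dir, p1, sizeof p1); /* name is now taken */
    if (pre >= 0) {
        int fd1 = open_predictable(dir, p1, sizeof p1);
        int err = errno;                            /* save before other calls */
        int fd2 = open_unpredictable(dir, p2, sizeof p2);
        ok = (fd1 == -1 && err == EEXIST && fd2 >= 0);
        if (fd2 >= 0) { close(fd2); unlink(p2); }
        close(pre); unlink(p1);
    }
    rmdir(dir);
    return ok;
}

int main(void) { puts(demo() ? "predictable: EEXIST, mkstemp: ok" : "unexpected"); return 0; }
```

A program that must keep a fixed naming scheme can instead treat EEXIST as a signal to pick another name and retry, rather than aborting.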

II. Impact

By crashing the sort utility, an intruder may be able to block the operation of system administration programs.

III. Solution

Apply vendor patches; see the Systems Affected section below.

Systems Affected

Vendor                          Status          Date Updated
Apple Computer Inc.             Vulnerable      4-Oct-2001
BSDI                            Unknown         14-Aug-2001
Data General                    Unknown         14-Aug-2001
Debian                          Unknown         24-Jul-2001
DEC                             Unknown         14-Aug-2001
FreeBSD                         Vulnerable      14-Aug-2001
FreeBSD                         Vulnerable      12-Jun-2001
Fujitsu                         Not Vulnerable  20-Jun-2001
Hewlett-Packard Company         Vulnerable      27-Jul-2001
IBM                             Unknown         14-Aug-2001
NEC Corporation                 Unknown         24-Jul-2001
NetBSD                          Unknown         14-Aug-2001
NeXT                            Unknown         14-Aug-2001
OpenBSD                         Unknown         24-Jul-2001
Sequent                         Unknown         24-Jul-2001
SGI                             Vulnerable      29-May-2003
Siemens Nixdorf                 Unknown         24-Jul-2001
Sony Corporation                Unknown         24-Jul-2001
Sun Microsystems Inc.           Not Vulnerable  27-Jul-2001
The SCO Group (SCO Linux)       Vulnerable      29-Jan-2002
The SCO Group (SCO UnixWare)    Vulnerable      29-May-2003
Unisys                          Unknown         24-Jul-2001

References


http://www.linuxsecurity.com/advisories/freebsd_advisory-1111.html
http://www.securityfocus.com/bid/3960

Credit

This vulnerability was identified by FreeBSD.

This document was last modified by Tim Shimeall.

Other Information

Date Public: 01/30/2001
Date First Published: 08/20/2001 03:18:34 PM
Date Last Updated: 05/29/2003
CERT Advisory:
CVE-ID(s): CVE-2001-0310
NVD-ID(s): CVE-2001-0310
US-CERT Technical Alerts:
Metric: 0.84
Document Revision: 13

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2001 Carnegie Mellon University