Conectiva Information for VU#35842

man 'makewhatis' insecurely uses /tmp

Status

Affected

Vendor Statement

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE : man
SUMMARY : Insecure directory creation in /tmp
DATE : 2000-07-27
AFFECTED CONECTIVA VERSIONS : 5.1


DESCRIPTION
This announcement is being re-released specifically for Conectiva Linux
5.1.

Red Hat has identified a problem with the man package which also affects
Conectiva Linux. Conectiva Linux versions prior to 5.1 have already been
patched.
The man package has a script called makewhatis that is run weekly by the
cron daemon as root. This script creates a directory in /tmp and some files
under it with predictable names, thus making it possible for a local
attacker to alter any file in the system via symlink attacks.


SOLUTION
All users of Conectiva Linux 5.1 should upgrade.
Conectiva Linux versions prior to 5.1 have already been patched.


DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/man-1.5g-9cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/man-1.5g-9cl.src.rpm

----------------------------------------------------------------------
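The flaw the vendor describes is a fixed, guessable path under /tmp that a root cron job creates with mkdir and then writes into. The script below is an added example, not code from the man package, Conectiva's update, or the CERT/CC: it puts that predictable-path pattern next to a hardened form built on mktemp -d, plus a small check a privileged script can run before writing into a directory it did not just create. The function names, the "whatis.tmp" path, and the sandbox directories in the usage function are assumptions made for illustration; the demo uses a throwaway sandbox in place of /tmp so it can run unprivileged.

```sh
#!/bin/sh
# Added example (not code from the man package or from Conectiva's update):
# the predictable-/tmp pattern described in the advisory beside a hardened one.
# Function names, the "whatis.tmp" path and the sandbox paths in demo() are
# assumptions made for illustration.

# Insecure: fixed, predictable directory name. Any local user can create
# $TMPDIR/whatis.tmp before the cron job runs. If it is a symlink to another
# directory, "mkdir -p" is satisfied (it resolves the link and finds a
# directory) and every file the root job writes lands where the attacker chose.
whatis_unsafe() {
    dir="${TMPDIR:-/tmp}/whatis.tmp"
    mkdir -p "$dir" || return 1
    printf 'man(1) - an interface to the manual\n' > "$dir/whatis" || return 1
    printf '%s\n' "$dir"
}

# Hardened: mktemp -d creates a fresh directory with an unpredictable name,
# mode 0700, and fails instead of reusing an existing entry, so a planted
# symlink cannot be picked up. The body runs in a subshell so the umask change
# (files created inside are private too) does not leak into the caller.
whatis_safe() (
    umask 077
    dir=$(mktemp -d "${TMPDIR:-/tmp}/whatis.XXXXXXXX") || return 1
    printf 'man(1) - an interface to the manual\n' > "$dir/whatis" || return 1
    printf '%s\n' "$dir"
)

# Sanity check for a directory a privileged script is about to write into:
# it must be a real directory (not a symbolic link) owned by the caller.
# Returns 0 when safe, 1 otherwise. find -prune prints the path itself only
# when the -user test matches, which is portable across GNU and BSD userlands.
is_safe_tmpdir() {
    d=$1
    [ ! -L "$d" ] || return 1
    [ -d "$d" ] || return 1
    [ -n "$(find "$d" -prune -user "$(id -un)" 2>/dev/null)" ] || return 1
    return 0
}

# Usage in a throwaway sandbox: $sandbox/tmp stands in for /tmp and
# $sandbox/target for a directory the attacker wants root to write into.
demo() {
    sandbox=$(mktemp -d) || return 1
    TMPDIR="$sandbox/tmp"; mkdir "$TMPDIR"
    target="$sandbox/target"; mkdir "$target"
    ln -s "$target" "$TMPDIR/whatis.tmp"        # attacker plants the symlink

    whatis_unsafe >/dev/null
    [ -f "$target/whatis" ] && echo "unsafe: root's write was redirected into $target"

    d=$(whatis_safe)
    is_safe_tmpdir "$d" && echo "safe: wrote into fresh private dir $d"
    is_safe_tmpdir "$TMPDIR/whatis.tmp" || echo "check: refused the planted symlink"
    rm -rf "$sandbox"
}

demo
```

The check in is_safe_tmpdir is only a partial defence for scripts that must keep a fixed path: there is still a window between the test and the write that a local user can race, which is why the mktemp -d form, where the kernel refuses to reuse an existing name, is the one to prefer.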

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.