The SCO Group (SCO Linux) Information for VU#10277

Various shells create temporary files insecurely when using << operator

Status

Affected

Vendor Statement

Caldera International has released updates for those problems:

1. bash1, released on November 24th, 2000
Location of fixed packages:

OpenLinux 2.3:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/045/

OpenLinux eServer 2.3.1:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/034/

OpenLinux eDesktop 2.4:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/028/

2. tcsh, released on December 4th, 2000
Location of fixed packages:

OpenLinux 2.3:
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/046/

OpenLinux eServer 2.3.1:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/035/

OpenLinux eDesktop 2.4:
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/029/

3. Other shells:

We have detected the same problem in bash2 and fixed it for the next
shipping product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.
