The /usr/libexec/vi.recover script in OpenBSD has a vulnerability that could allow an attacker to remove arbitrary zero-length files, including device nodes.
The /usr/libexec/vi.recover script in OpenBSD cleans up vi temp files and informs a user via email if a recovery file exists for an aborted vi session. The vi.recover script is reported to contain an unspecified vulnerability that may allow the removal of arbitrary zero-length files, including device nodes.
The vi.recover script in OpenBSD is a Perl adaptation of a shell script from the nvi package, which is also reported to be vulnerable and may be present in other UNIX-based operating systems.
An attacker may be able to remove arbitrary zero-length files. This could allow a local attacker to cause a local denial of service by removing devices or files that enable services.
Obtain a patch for your system from one of the following URLs.
Thanks to Todd C. Miller for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Date First Published: 2002-09-16
Date Last Updated: 2003-09-18 20:02 UTC