The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack.
The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of the file will cause sort to fail, as it aborts when the creation fails.
By crashing the sort utility, an intruder may be able to block the operation of system administration programs.
Apply vendor patches; see the Systems Affected section below.
This vulnerability was identified by FreeBSD.
This document was last modified by Tim Shimeall.
|Date First Published:||2001-08-20|
|Date Last Updated:||2003-05-29 18:48 UTC|