Vulnerability
vi
Affected
Unixware 5.x (SCO_SV unixdev 3.2 5.0.5 i386)
Description
Richard Johnson (Strategic Reconnaissance Team Security Advisory
SRT2001-9) found following. vi makes poor use of /tmp. File
names are very predictable
As a user
ln -s /etc/passwd /tmp/Ex04161
wait for root to run vi and viola when he does he will clobber
/etc/passwd with a null file
Solution
Don't use vi or crontab -e until patched.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
