Note: This is an archival copy of Security Sun Alert 228544 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017440.1.
Article ID : 1017440.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-12-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Text Editor ed(1) Creates Temporary Files in an Unsafe Manner



Category
Security

Release Phase
Resolved

Product
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4397459

Date of Resolved Release
10-DEC-2003

Impact

Unprivileged local users may be able to overwrite or create any file on the system if "root" uses the text editor ed(1).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.6 without patch 115563-01
  • Solaris 7 without patch 115565-01
  • Solaris 8 without patch 110903-06

x86 Platform

  • Solaris 2.6 without patch 115564-01
  • Solaris 7 without patch 115566-01
  • Solaris 8 without patch 110904-06

Note: Solaris 9 is not affected by this issue.


Symptoms

There are no symptoms that would show that the vulnerability in ed(1) has been exploited, as the effect depends on which file was overwritten or created.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 115563-01 or later
  • Solaris 7 with patch 115565-01 or later
  • Solaris 8 with patch 110903-06 or later

x86 Platform

  • Solaris 2.6 with patch 115564-01 or later
  • Solaris 7 with patch 115566-01 or later
  • Solaris 8 with patch 110904-06 or later
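
One way to check a host against the patch levels listed above, as an added example that is not part of the original Sun Alert. It is written for a POSIX shell and assumes the installed-patch list comes from `showrev -p` and the release and platform from `uname -r` and `uname -p`; the function names and the sample patch list are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Sun Alert): compare a host's patch list with
# the fix levels listed in this alert. Function names are hypothetical.

# Map `uname -r` / `uname -p` values to the fix patch listed in the alert.
required_patch() {
    case "$1/$2" in
        5.6/sparc) echo 115563-01 ;;
        5.7/sparc) echo 115565-01 ;;
        5.8/sparc) echo 110903-06 ;;
        5.6/i386)  echo 115564-01 ;;
        5.7/i386)  echo 115566-01 ;;
        5.8/i386)  echo 110904-06 ;;
        *) return 1 ;;               # release/platform not listed in the alert
    esac
}

# Usage: showrev -p | ed_alert_status "`uname -r`" "`uname -p`"
# Prints PATCHED, VULNERABLE or NOT-LISTED.
ed_alert_status() {
    req=`required_patch "$1" "$2"` || { echo NOT-LISTED; return 0; }
    base=${req%-*}                   # patch base number, e.g. 110903
    minrev=${req#*-}                 # minimum fixed revision, e.g. 06
    status=VULNERABLE
    while read tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        case "$id" in
            "$base"-*)
                rev=${id#*-}
                # "or later": any revision >= the listed one carries the fix
                if [ "$rev" -ge "$minrev" ] 2>/dev/null; then status=PATCHED; fi ;;
        esac
    done
    echo "$status"
}

# Constructed sample in `showrev -p` line format (not from a real host).
SAMPLE='Patch: 110903-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr'

printf '%s\n' "$SAMPLE" | ed_alert_status 5.8 sparc
```

The check matches only the patch base numbers listed in this alert; it does not follow the Obsoletes field, so a fix delivered through a different patch number is not recognized.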


References

115563-01
115565-01
110903-06
115564-01
115566-01
110904-06