Showing 1 - 1 of 1

CVE-2006-0055

Status Candidate

Overview

The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

Related Files

FreeBSD-SA-06-02.ee.txt: Posted Jan 15, 2006; Site freebsd.org; FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user.; tags | advisory; systems | freebsd; advisories | CVE-2006-0055; SHA-256 | aabdd726e7f1d21c64dd7f601f42432a072639283866afd5cb5d75fd085e4063; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 225 files
indoushka 116 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,101)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,815)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,569)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,756)
UNIX (9,438)
UnixWare (187)
Windows (6,674)
Other

CVE-2006-0055

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems