BugTraq
Symlink Vulnerability in GNU libtool <1.5.2 Jan 30 2004 01:14AM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de) (3 replies)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 04 2004 05:01AM
jsm polyomino org uk
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 11:21AM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
I wrote:
> If you want to stick with your old version of libtool
> you can easily fix this bug yourself. In "ltmain.in"
> [...] you should replace the line:

This fix will not work for the version of libtool that is distributed
with SuSE Linux (checked on SuSE 8.2/9.0). SuSE modified the tempdir
creation to use mktemp if available. As a result the patch mentioned
above would break SuSE's libtool, so don't use it for your SuSE Linux!

Unfortunately, the changes made by SuSE don't fix the vulnerability
(they just make it a bit harder to exploit) so that it is still
necessary to apply a bugfix.

Regards
Stefan

--
Don't open your eyes, you won't like what you see. The devils of truth
steal the souls of the free. Don't open your eyes, take it from me. I
have found, you can find happiness in slavery.
Trent Reznor

[ reply ]
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 09:47AM
Joseph S. Myers (jsm polyomino org uk) (2 replies)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 04 2004 07:10PM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 08:33PM
Scott James Remnant (scott netsplit com)


 

Privacy Statement
Copyright 2010, SecurityFocus