|
Multiple Vendor man(1) 'makewhatis' Insecure /tmp Files Vulnerability
Due to insecure handling of /tmp files by the 'makewhatis' portion of the man(1) command it is possible for a user to manipulate files to which they should not have access or to possibly to elevate their privileges. This is possible because 'makewhatis' creates non-randomly named files in the /tmp directory which are subject to symlink attacks. man 1.5e and higher is vulnerable. |
|
|
Privacy Statement |
