• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SEMI/WEMI Insecure Temporary File Creation Vulnerability

Solution:
Debian has released an advisory (DSA 339-1) and fixes to address this issue. Further information regarding applying fixes for stable and unstable versions of Debian Linux can be found in the referenced advisory.

Yellow Dog has released an advisory with fixes to address this issue.

Red Hat has released advisory RHSA-2003:234-01 to address this issue. See referenced advisory for additional details and fix information. RHSA-2003:231-10 was also released to provide updates for Red Hat Enterprise distributions. Enterprise fixes are available exclusively from the Red Hat Network.

Gentoo has released an advisory and fixes. Users should perform the following commands to upgrade:

emerge sync
emerge semi
emerge clean


semi semi 1.14.3

• Yellow Dog wl-2.10.1-1.1.noarch.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/w l-2.10.1-1.1.noarch.rpm


• Yellow Dog wl-common-2.10.1-1.1.noarch.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/w l-common-2.10.1-1.1.noarch.rpm


• Yellow Dog wl-xemacs-2.10.1-1.1.noarch.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/w l-xemacs-2.10.1-1.1.noarch.rpm

Debian Linux 3.0

• Debian semi_1.14.3.cvs.2001.08.10-1woody2_all.deb
  http://security.debian.org/pool/updates/main/s/semi/semi_1.14.3.cvs.20 01.08.10-1woody2_all.deb


• Debian wemi_1.14.0.20010802wemiko-1.3_all.deb
  http://security.debian.org/pool/updates/main/w/wemi/wemi_1.14.0.200108 02wemiko-1.3_all.deb