Multiple Vendor man(1) 'makewhatis' Insecure /tmp Files Vulnerability

Due to insecure handling of /tmp files by the 'makewhatis' portion of the man(1) command, it is possible for a user to manipulate files to which they should not have access, or possibly to elevate their privileges. This is possible because 'makewhatis' creates non-randomly named files in the /tmp directory, which are subject to symlink attacks. man 1.5e and higher is vulnerable.
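The following is an added example, not code from makewhatis or from this advisory: it sketches the hardened pattern a shell script can use instead of fixed names in /tmp. The function names and the `scratch.` prefix are hypothetical, and the advisory does not list the actual file names makewhatis uses.

```shell
#!/bin/sh
# Added example: scratch-file handling that resists pre-planted names and
# symlinks in a shared directory. All names below are hypothetical.

# Create a private scratch directory with an unpredictable name.
# mktemp -d creates the directory itself (mode 0700) and fails instead of
# adopting a path that already exists, so a name planted in advance by
# another user is never reused.
make_scratch_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    (umask 077 && mktemp -d "$base/scratch.XXXXXXXXXX")
}

# Write stdin to "$1" only if that name is not already taken.
# With noclobber (set -C) the '>' redirection fails when the name exists
# as a regular file or as a symlink to one; a dangling symlink is refused
# as well because the file is then created exclusively.
write_exclusive() {
    ( set -C; umask 077; cat > "$1" ) 2>/dev/null
}

# Stage stdin into a fresh private directory and print the file's path.
# The caller moves or removes the result when done.
stage_in_scratch() {
    dir=$(make_scratch_dir "$1") || return 1
    write_exclusive "$dir/out" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir/out"
}
```

A script built this way never opens a predictable path under /tmp, and a write to a name that someone else has already claimed fails instead of following the link.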


Copyright 2010, SecurityFocus