GNU Ed Symlink Vulnerability

A vulnerability exists in versions of GNU ed, a widely distributed linux/unix text editor.

Ed reportedly uses insecure methods of temporary file creation.

Properly exploited, this can allow a malicious local user to successfully carry out a symlink attack, potentially overwriting arbitrary files owned or writeable by the user running ed.

Further technical details of the vulnerability are not known. Note that, in addition to the versions listed, previous releases may also be vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus