NEdit Temporary File Creation Vulnerability

NEdit is the Nirvana editor, a freely availabe text editor included with various implementations of the UNIX Operating system. It provides a graphic front end, and features designed to emulate the functions of text editors for Microsoft Windows and Macintosh Operating Systems.

A problem with the software could make it possible to overwrite any file owned by a user of the editor. It is possible to create a symbolic link to a file owned by the user of the editor, which will result in the linked file being overwritten by the data in the temporary file.

This vulnerability makes it possible to corrupt files owned by another user, or gain the privileges of another user.


Privacy Statement
Copyright 2010, SecurityFocus