4.6 - DSA-001

Summary
Title	ed symlink attack

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Alan Cox discovered that GNU ed (a classed line editor tool) created temporary files unsafely. This has been fixed in version 0.2-18.1.

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Type	Description	Count
Application	Gnu Ed cpe:2.3:a:gnu:ed:2.18.0:::::::* cpe:2.3:a:gnu:ed:2.18:::::::* cpe:2.3:a:gnu:ed:2.16tr:::::::* cpe:2.3:a:gnu:ed:2.15:::::::*	4

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200410-07 (ed) File : nvt/glsa_200410_07.nasl
2008-01-17	Name : Debian Security Advisory DSA 001-1 (ed) File : nvt/deb_001_1.nasl

Id	Description
6491	GNU ed tmpfile Symlink Arbitrary File Overwrite GNU ed contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when a user creates a symlink to a temporary file and the system is halted before the file is saved. This flaw may lead to a loss of integrity and availability.

Date	Description
2012-09-06	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2000-076.nasl - Type : ACT_GATHER_INFO
2004-10-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-07.nasl - Type : ACT_GATHER_INFO

If you want to see full details history, please login or register.

Date	Informations
2013-02-06 19:08:03	Multiple Updates

	Related
4.6	CVE-2000-1137
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)