Ed is a simple command line editor that comes with many Linux distributions. Due to a security problem in this application it is possible for a local attacker to use a 'symlink attack' to cause other users to overwrite arbitrary system files.
Credit: Debian security announce .
Vulnerable systems: wget url dpkg -i file.deb Debian GNU/Linux 2.2 alias potato Source archives: http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.diff.gz http://security.debian.org/dists/stable/updates/main/source/ed_0.2-18.1.dsc http://security.debian.org/dists/stable/updates/main/source/ed_0.2.orig.tar.gz Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/ed_0.2-18.1_alpha.deb ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/ed_0.2-18.1_arm.deb Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/ed_0.2-18.1_i386.deb Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/ed_0.2-18.1_m68k.deb PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/ed_0.2-18.1_powerpc.deb Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/ed_0.2-18.1_sparc.deb
Please enable JavaScript to view the comments powered by Disqus.
blog comments powered by
