skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ddskk | Ddskk | 11.6_.rel.0 (including) | 11.6_.rel.0 (including) |
| Daredevil_skk | Redhat | 11.3.2 (including) | 11.3.2 (including) |
| Daredevil_skk | Redhat | 11.3.5 (including) | 11.3.5 (including) |
| Daredevil_skk | Redhat | 11.6.0-6 (including) | 11.6.0-6 (including) |
| Daredevil_skk | Redhat | 11.6.0-8 (including) | 11.6.0-8 (including) |
| Daredevil_skk | Redhat | 11.6.0-10 (including) | 11.6.0-10 (including) |
| Ddskk-xemacs | Redhat | 11.6.0-6 (including) | 11.6.0-6 (including) |
| Ddskk-xemacs | Redhat | 11.6.0-8 (including) | 11.6.0-8 (including) |
| Ddskk-xemacs | Redhat | 11.6.0-10 (including) | 11.6.0-10 (including) |
| Skk | Skk | 10.62a (including) | 10.62a (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux 9 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * |
References
- http://www.debian.org/security/2003/dsa-343
- http://www.redhat.com/support/errata/RHSA-2003-242.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28
- http://www.debian.org/security/2003/dsa-343
- http://www.redhat.com/support/errata/RHSA-2003-242.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28