The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mandrake_multi_network_firewall | Mandrakesoft | 8.2 (including) | 8.2 (including) |
| Openssl | Openssl | 0.9.6 (including) | 0.9.6 (including) |
| Openssl | Openssl | 0.9.6a (including) | 0.9.6a (including) |
| Openssl | Openssl | 0.9.6b (including) | 0.9.6b (including) |
| Openssl | Openssl | 0.9.6c (including) | 0.9.6c (including) |
| Openssl | Openssl | 0.9.6d (including) | 0.9.6d (including) |
| Openssl | Openssl | 0.9.6e (including) | 0.9.6e (including) |
| Openssl | Openssl | 0.9.6f (including) | 0.9.6f (including) |
| Openssl | Openssl | 0.9.6g (including) | 0.9.6g (including) |
| Openssl | Openssl | 0.9.6h (including) | 0.9.6h (including) |
| Openssl | Openssl | 0.9.6i (including) | 0.9.6i (including) |
| Openssl | Openssl | 0.9.6j (including) | 0.9.6j (including) |
| Openssl | Openssl | 0.9.6k (including) | 0.9.6k (including) |
| Openssl | Openssl | 0.9.6l (including) | 0.9.6l (including) |
| Openssl | Openssl | 0.9.6m (including) | 0.9.6m (including) |
| Openssl | Openssl | 0.9.7c (including) | 0.9.7c (including) |
| Openssl | Openssl | 0.9.7d (including) | 0.9.7d (including) |
| Red Hat Enterprise Linux 3 | RedHat | openssl-0:0.9.7a-33.15 | * |
| Red Hat Enterprise Linux 3 | RedHat | openssl096b-0:0.9.6b-16.22.3 | * |
| Red Hat Enterprise Linux 4 | RedHat | openssl-0:0.9.7a-43.2 | * |
| Red Hat Enterprise Linux 4 | RedHat | openssl096b-0:0.9.6b-22.3 | * |
| Openssl | Ubuntu | dapper | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | edgy | * |
| Openssl | Ubuntu | feisty | * |
| Openssl097 | Ubuntu | dapper | * |
| Openssl097 | Ubuntu | devel | * |
| Openssl097 | Ubuntu | edgy | * |
| Openssl097 | Ubuntu | feisty | * |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
- http://secunia.com/advisories/12973
- http://www.debian.org/security/2004/dsa-603
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
- http://www.redhat.com/support/errata/RHSA-2005-476.html
- http://www.securityfocus.com/bid/11293
- http://www.trustix.org/errata/2004/0050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
- http://secunia.com/advisories/12973
- http://www.debian.org/security/2004/dsa-603
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
- http://www.redhat.com/support/errata/RHSA-2005-476.html
- http://www.securityfocus.com/bid/11293
- http://www.trustix.org/errata/2004/0050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164