More nedit problems ? (was Re: PROGENY-SA-2001-10...)

From: Jarno Huuskonen (Jarno.Huuskonenat_private)
Date: Sat Apr 28 2001 - 01:50:16 PDT

Next message: Rick Updegrove: "Re: XML scripting in IE, Outlook Express"

Previous message: dark spyrit: "Re: Microsoft ISA Server Vulnerability"
In reply to: Progeny Security Team: "PROGENY-SA-2001-10: Older versions of NEdit make insecure use of temp files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 27, Progeny Security Team wrote:
> NEdit, a popular GUI editor, insecurely opens a file in /tmp for
> printing purposes. This vulnerability could be used by a local
> attacker to cause a privileged user to unwittingly overwrite a file
> (via a symbolic link) to which the user has write access.

With google search for 'nedit security' I found this:
http://www.nedit.org/archives/develop/2001-Feb/0391.html

It looks like that NEdit has also problems when creating incremental backups
and backup files (.bck) (If somebody can create symlinks in the same
directory).

-Jarno

Next message: Rick Updegrove: "Re: XML scripting in IE, Outlook Express"
Previous message: dark spyrit: "Re: Microsoft ISA Server Vulnerability"
In reply to: Progeny Security Team: "PROGENY-SA-2001-10: Older versions of NEdit make insecure use of temp files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 10:14:34 PDT