Package name
tcsh
Date
2000-11-13
Advisory ID
MDKSA-2000:069
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

A vulnerability exists with tcsh when using the in-here documents with the << syntax. When doing this, tcsh uses a temporary file to store the data. Unfortunately, the temporary file is not created securely and standard symlink attacks can be used to make tcsh overwrite arbitrary files.

Updated packages

6.1 i586

 c6a888050c151bb8caf9f9e448e6a99d  6.1/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
4137396e407c173227ee4cefb35bbb89  6.1/SRPMS/tcsh-6.09.04-1.2mdk.src.rpm

6.0 i586

 1870a7480af74a09d3fbcb743be4d68b  6.0/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
4137396e407c173227ee4cefb35bbb89  6.0/SRPMS/tcsh-6.09.04-1.2mdk.src.rpm

7.0 i586

 b2ff9906f77f4f8f738f85aedcd6d1ce  7.0/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
4137396e407c173227ee4cefb35bbb89  7.0/SRPMS/tcsh-6.09.04-1.2mdk.src.rpm

7.1 i586

 8e917a65861dd246f2a55786415395f5  7.1/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
4137396e407c173227ee4cefb35bbb89  7.1/SRPMS/tcsh-6.09.04-1.2mdk.src.rpm

7.2 i586

 14284cbb343a88bcceca0fff6a0e6416  7.2/RPMS/tcsh-6.09.04-1.1mdk.i586.rpm
190fbcfe6c8329274290445add4c3065  7.2/SRPMS/tcsh-6.09.04-1.1mdk.src.rpm