nedit insecure file creation could lead to elevation of privileges



Vulnerability

    nedit

Affected

    nedit

Description

    The Nirvana Editor, NEdit, is a GUI-style text editor based on
    popular Macintosh and MS Windows editors.  When printing a whole
    text or selected parts of a text, nedit(1) creates a temporary
    file in an insecure manner.

    This behavior could be exploited to gain access to other users'
    privileges, even root.

Solution

    There is no workaround possible, because tmpnam(3) ignores the
    TMPDIR environment variable.  Just install the new RPM to fix this
    problem on SuSE:

        ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/nedit-5.1.1-151.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/nedit-5.1.1-151.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/nedit-5.1.1-151.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nedit-5.1.1-151.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/nedit-5.0.2-207.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/nedit-5.0.2-208.i386.rpm
        ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nedit-5.0.2-208.src.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.1/xap2/nedit-5.1.1-135.sparc.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/nedit-5.1.1-135.src.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/nedit-5.1.1-134.sparc.rpm
        ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nedit-5.1.1-134.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/nedit-5.0.2-207.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/nedit-5.0.2-207.alpha.rpm
        ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nedit-5.0.2-207.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.1/xap2/nedit-5.1.1-122.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/nedit-5.1.1-122.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/nedit-5.1.1-122.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nedit-5.1.1-122.src.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/nedit-5.0.2-146.ppc.rpm
        ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nedit-5.0.2-146.src.rpm

    For Debian:

        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.diff.gz
        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.dsc
        http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02.orig.tar.gz
        http://security.debian.org/dists/stable/updates/non-free/binary-alpha/nedit_5.02-7.1_alpha.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-arm/nedit_5.02-7.1_arm.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-i386/nedit_5.02-7.1_i386.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-m68k/nedit_5.02-7.1_m68k.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-powerpc/nedit_5.02-7.1_powerpc.deb
        http://security.debian.org/dists/stable/updates/non-free/binary-sparc/nedit_5.02-7.1_sparc.deb

    For Linux-Mandrake:

        Linux-Mandrake 7.1: 7.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
                            7.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm
        Linux-Mandrake 7.2: 7.2/RPMS/nedit-5.1.1-9.1mdk.i586.rpm
                            7.2/SRPMS/nedit-5.1.1-9.1mdk.src.rpm
        Linux-Mandrake 8.0: 8.0/RPMS/nedit-5.1.1-13.1mdk.i586.rpm
                            8.0/SRPMS/nedit-5.1.1-13.1mdk.src.rpm
    Corporate Server 1.0.1: 1.0.1/RPMS/nedit-5.1.1-9.2mdk.i586.rpm
                            1.0.1/SRPMS/nedit-5.1.1-9.2mdk.src.rpm

    For Progeny:

        wget http://archive.progeny.com/progeny/updates/newton/nedit_5.1.1-1.0progeny1_i386.deb

    For RedHat:

        ftp://updates.redhat.com/5.2/en/powertools/SRPMS/nedit-5.1.1-0.5x.1.src.rpm
        ftp://updates.redhat.com/5.2/en/powertools/alpha/nedit-5.1.1-0.5x.1.alpha.rpm
        ftp://updates.redhat.com/5.2/en/powertools/i386/nedit-5.1.1-0.5x.1.i386.rpm
        ftp://updates.redhat.com/5.2/en/powertools/sparc/nedit-5.1.1-0.5x.1.sparc.rpm
        ftp://updates.redhat.com/6.2/en/powertools/SRPMS/nedit-5.1.1-0.6x.1.src.rpm
        ftp://updates.redhat.com/6.2/en/powertools/alpha/nedit-5.1.1-0.6x.1.alpha.rpm
        ftp://updates.redhat.com/6.2/en/powertools/i386/nedit-5.1.1-0.6x.1.i386.rpm
        ftp://updates.redhat.com/6.2/en/powertools/sparc/nedit-5.1.1-0.6x.1.sparc.rpm
        ftp://updates.redhat.com/7.0/en/powertools/SRPMS/nedit-5.1.1-4.70.1.src.rpm
        ftp://updates.redhat.com/7.0/en/powertools/alpha/nedit-5.1.1-4.70.1.alpha.rpm
        ftp://updates.redhat.com/7.0/en/powertools/i386/nedit-5.1.1-4.70.1.i386.rpm
        ftp://updates.redhat.com/7.1/en/powertools/SRPMS/nedit-5.1.1-6.src.rpm
        ftp://updates.redhat.com/7.1/en/powertools/i386/nedit-5.1.1-6.i386.rpm
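
    For developers, the usual replacement for the tmpnam(3) pattern named
    above is sketched here as an added example; it is not NEdit's code or
    any vendor's patch. The function names, the /tmp/nedit-demo-XXXXXX
    template and the "victim"/"spool" file names are assumptions made up
    for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened replacement for "tmpnam() then fopen()": mkstemp(3) chooses the
 * name and creates the file in one atomic step (O_CREAT|O_EXCL, mode 0600),
 * so a file or symlink that already exists at that name is never reused. */
int spool_safe(char *tmpl, const char *text)   /* tmpl must end in "XXXXXX" */
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    size_t len = strlen(text);
    ssize_t n = write(fd, text, len);
    if (close(fd) != 0 || n != (ssize_t)len) {
        unlink(tmpl);                          /* do not leave a partial spool file */
        return -1;
    }
    return 0;
}

/* For a caller-chosen name: create exclusively and never follow a symlink. */
int open_excl(const char *name)
{
    return open(name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private directory: a symlink already sits at
 * the predictable spool name. Returns 0 if the exclusive open refused it and
 * the file the link points to was left untouched. */
int demo(void)
{
    char dir[] = "/tmp/nedit-demo-XXXXXX", victim[64], spool[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(spool, sizeof spool, "%s/spool", dir);
    close(open_excl(victim));                  /* empty file standing in for user data */
    if (symlink(victim, spool) != 0)
        return -1;
    int fd = open_excl(spool);                 /* fails: the name already exists */
    struct stat st;
    int untouched = (stat(victim, &st) == 0 && st.st_size == 0);
    unlink(spool); unlink(victim); rmdir(dir);
    return (fd < 0 && untouched) ? 0 : 1;
}

int main(void) { return demo(); }
```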
