
SecurityTracker
Archives


 


Category:   Application (Generic)  >   Vi.recover
Vendors:   OpenBSD
OpenBSD vi.recover Denial of Service Issue May Let Local Users Delete Zero-Length Files on the System
SecurityTracker Alert ID:  1002747
SecurityTracker URL:  http://securitytracker.com/id/1002747
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 14 2001
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   OpenBSD reported a problem in the vi.recover script that could allow a local user to delete certain files on the system.

It is reported that a security issue exists with the /usr/libexec/vi.recover script that may allow a local user to remove arbitrary zero-length files.

No further details were provided.

The vendor credits lumpy@the.whole.net for reporting the problem.

Impact:   A local user could delete (remove) arbitrary zero-length files on the system.
Solution:   The vulnerability has been fixed in OpenBSD-current and the 3.0 patch branch (aka 3.0-stable). The fix will be committed shortly to the 2.9 branch (aka 2.9-stable).

The vendor has also released a patch to fix the problem:

For OpenBSD-2.9:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch

For OpenBSD-3.0:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch

Vendor URL:  www.openbsd.org/
Cause:   Not specified
Underlying OS:  UNIX (OpenBSD)

Message History:   None.


 Source Message Contents

Subject:  security issue with /usr/libexec/vi.recover


A security issue exists with the /usr/libexec/vi.recover script
that could allow an attacker to remove arbitrary zero-length files.

This problem is fixed in OpenBSD-current, the 3.0 patch branch (aka
3.0-stable).  The fix will be committed shortly to the 2.9 branch
(aka 2.9-stable).

A patch exists to fix the problem:

For OpenBSD-2.9:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch

For OpenBSD-3.0
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/007_recover.patch

Thanks to lumpy@the.whole.net for notifying us of the problem.

 - todd

 
 



Copyright 2021, SecurityGlobal.net LLC