Debian Security Advisory

trn -- /tmp file creation problem

Date Reported:

20 Aug 1999

Affected Packages:

trn

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-1999-0743.

More information:

All former versions of trn used a hardcoded filename in /tmp as temporary storage. A malicious symbolic link could cause a user to unknowingly overwrite a file to which they have access.

Fixed in:

alpha:: http://security.debian.org/dists/slink/updates/binary-alpha/trn_3.6-9.3.1_alpha.deb
i386:: http://security.debian.org/dists/slink/updates/binary-i386/trn_3.6-9.3.1_i386.deb
m68k:: http://security.debian.org/dists/slink/updates/binary-m68k/trn_3.6-9.3.1_m68k.deb
sparc:: http://security.debian.org/dists/slink/updates/binary-sparc/trn_3.6-9.3.1_sparc.deb