CVE-2006-6939

Summary

CVE	CVE-2006-6939
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-01-17 00:28:00 UTC
Updated	2017-07-29 01:29:00 UTC
Description	GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Ed	All	All	All	All

References

Reference	Source	Link	Tags
rPath update for ed - Advisories - Secunia	SECUNIA	secunia.com
2007-0005	TRUSTIX	www.trustix.org
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
issues.rpath.com/browse/RPL-962	CONFIRM	issues.rpath.com
Webmail - OVH	VUPEN	www.vupen.com
Trustix update for bind and ed - Advisories - Secunia	SECUNIA	secunia.com
[SECURITY] Fedora Core 6 Update: ed-0.3-0.fc6 \| FedoraNEWS.ORG	FEDORA	fedoranews.org
GNU Ed Insecure Temporary File Creation Vulnerability	BID	www.securityfocus.com
Fedora update for ed - Advisories - Secunia	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
[SECURITY] Fedora Core 5 Update: ed-0.3-0.fc5 \| FedoraNEWS.ORG	FEDORA	fedoranews.org
GNU ed – Freecode	CONFIRM	freshmeat.net
GNU ed Insecure Temporary File Creation - Advisories - Secunia	SECUNIA	secunia.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-01-18	Mark J Cox	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

There are currently no legacy QID mappings associated with this CVE.