Rapid7 Vulnerability & Exploit Database

RHSA-2003:241: Updated ddskk packages fix temporary file vulnerability

Back to Search

RHSA-2003:241: Updated ddskk packages fix temporary file vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
08/18/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated ddskk packages which fix a temporary file security issue are now available.

Daredevil SKK is a simple Kana to Kanji conversion program, an input method of Japanese for Emacs and XEmacs. ddskk does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. The Common Vulnerabilities and Exposures project (cve.mitre.org) has allocated the name CAN-2003-0539 to this issue. All users of ddskk should upgrade to these erratum packages containing a backported security patch that corrects this issue.

Solution(s)

  • redhat-upgrade-ddskk
  • redhat-upgrade-ddskk-xemacs

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;