Rapid7 Vulnerability & Exploit Database

RHSA-2003:242: ddskk security update

Back to Search

RHSA-2003:242: ddskk security update

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
08/18/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

Updated ddskk packages which fix a temporary file security issue are now available.

Daredevil SKK is a simple Kana to Kanji conversion program, an input method of Japanese for Emacs. ddskk does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. The Common Vulnerabilities and Exposures project (cve.mitre.org) has allocated the name CAN-2003-0539 to this issue. All users of ddskk should upgrade to these erratum packages containing a backported security patch that corrects this issue.

Solution(s)

  • redhat-upgrade-ddskk

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;