RHEL 2.1 : ddskk (RHSA-2003:242)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated ddskk packages which fix a temporary file security issue are
now available.

Daredevil SKK is a simple Kana to Kanji conversion program, an input
method of Japanese for Emacs.

ddskk does not take appropriate security precautions when creating
temporary files. This bug could potentially be exploited to overwrite
arbitrary files with the privileges of the user running Emacs and skk.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
allocated the name CVE-2003-0539 to this issue.

All users of ddskk should upgrade to these erratum packages containing
a backported security patch that corrects this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0539.html
http://rhn.redhat.com/errata/RHSA-2003-242.html

Solution :

Update the affected ddskk package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12411 ()

Bugtraq ID:

CVE ID: CVE-2003-0539