Mandrake Linux Security Advisory : tcsh (MDKSA-2000:069)
High Nessus Plugin ID 61855
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA vulnerability exists with tcsh when using the in-here documents with the << syntax. When doing this, tcsh uses a temporary file to store the data. Unfortunately, the temporary file is not created securely and standard symlink attacks can be used to make tcsh overwrite arbitrary files.
SolutionUpdate the affected tcsh package.