Mandrake Linux Security Advisory : tcsh (MDKSA-2000:069)

High Nessus Plugin ID 61855


The remote Mandrake Linux host is missing a security update.


A vulnerability exists with tcsh when using the in-here documents with the << syntax. When doing this, tcsh uses a temporary file to store the data. Unfortunately, the temporary file is not created securely and standard symlink attacks can be used to make tcsh overwrite arbitrary files.


Update the affected tcsh package.

Plugin Details

Severity: High

ID: 61855

File Name: mandrake_MDKSA-2000-069.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:tcsh, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/11/13

Reference Information

MDKSA: 2000:069