Title: Vulnerability in elm 2.4 PL 24
Released by:
Date: 18th December 1995
I. Description

Elm will follow symlinks in /tmp when opening temp files.  All systems that
support symlinks are vulnerable.

All versions of elm prior to 2.4 PL 25 are vulnerable, including elm 2.3.
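
The class of bug described above, as an added C example (not elm's source and
not the PL 25 patch; the function names and scratch paths are hypothetical).
It contrasts opening a predictable temp-file name with O_CREAT alone, which
follows a symlink already planted under that name, with the O_EXCL form that
refuses it.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: predictable name, O_CREAT without O_EXCL.  If the name is
 * already a symlink, open() follows it and creates or truncates the link
 * target with the caller's privileges. */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: with O_CREAT|O_EXCL, open() fails with EEXIST if the
 * name exists in any form, and a symlink in the final path component is
 * not followed. */
int open_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private scratch directory: "tmpname" is a
 * symlink to "victim", which does not exist yet.  Returns 1 if the opener
 * caused "victim" to be created, 0 if it did not, -1 on setup failure. */
int target_created_by(int (*opener)(const char *))
{
    char dir[] = "/tmp/symdemo.XXXXXX", link_path[64], victim[64];
    struct stat st;
    int fd, created;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link_path, sizeof link_path, "%s/tmpname", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, link_path) != 0) { rmdir(dir); return -1; }
    fd = opener(link_path);
    if (fd >= 0) close(fd);
    created = (stat(victim, &st) == 0);
    unlink(victim); unlink(link_path); rmdir(dir);   /* clean up */
    return created;
}

int main(void)
{
    printf("O_CREAT only created link target:   %d\n", target_created_by(open_tmp_unsafe));
    printf("O_CREAT|O_EXCL created link target: %d\n", target_created_by(open_tmp_safe));
    return 0;
}
```

mkstemp(3) gives the same O_EXCL guarantee together with an unpredictable
file name.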





II. Impact

Users on the system can create files in the directories of other elm users.

You can determine what version of elm you are running with the -v command line
option (run "elm -v").

III. Solution

Upgrade to elm 2.4 PL 25.  The patch to upgrade from elm 2.4 PL 24 to PL 25
is available at:

http://ftp.myxa.com/pub/elm/elm2.4.p25
MD5 (elm2.4.p25) = 5ec93595c7573be4d0cb4ce7097b6e83

The full distribution of elm 2.4 PL 25 is available at:

http://ftp.myxa.com/pub/elm/elm2.4.tar.Z
MD5 (elm2.4.tar.Z) = e5bdc4492a4931402c57ac9a8cf111b2

Here are some alternative sites that have agreed to make elm available for
anonymous FTP. Not all have been verified. If you have difficulty reaching
a site, or if the file is not there or has an incorrect checksum, please try
another site.

        Site                    Contact

        In the US/Canada:
        wuarchive.wustl.edu     chris@wugate.wustl.edu (Chris Myers)
        (128.252.135.4)
        /packages/mail/elm

        ftp.uu.net
        (137.39.1.9, 192.48.96.9)
        /networking/mail/elm

        In Europe:
        ftp.cs.ruu.nl           Edwin Kremer, edwin@cs.ruu.nl
        (131.211.80.17)
        /pub/ELM-2.4

        ftp.th-darmstadt.de     ftpadmin@ftp.th-darmstadt.de
        (130.83.55.75)
        /pub/networking/mail/elm

        ftp.th-darmstadt.de     ftpadmin@ftp.th-darmstadt.de
        (130.83.55.75)
        pub/networking/mail/elm

        In the UK:
        ftp.ecs.soton.ac.uk     T.Chown@ecs.soton.ac.uk (bitnet)
        (152.78.64.201)         T.Chown@uk.ac.soton.ecs (JANET)
        /pub/elm

        ftp.demon.co.uk         Cliff Stanford, cliff@demon.co.uk
        (158.152.1.65)
        /pub/unix/mail/elm

        src.doc.ic.ac.uk        L.McLoughlin@doc.ic.ac.uk
        (146.169.2.10)
        computing/mail/elm

        In Australia:
        ftp.adelaide.edu.au     Mark Prior, mrp@itd.adelaide.edu.au
        (129.127.40.3)
        /pub/mailers

        In Taiwan:
        NCTUCCCA.edu.tw         Huang, Chih-Hsien hch@NCTUCCCA.edu.tw
        (140.111.3.21)
        /packages/mail/elm

--
Bill Pemberton                           wfp5p@virginia.edu
ITC/Unix Systems                         flash@virginia.edu
University of Virginia                   uunet!virginia!wfp5p











