COMMAND

    glint

SYSTEMS AFFECTED

    Linux RedHat

PROBLEM

    The following is based on Red Hat Security Advisory RHSA-2000:062-03.
    glint blindly follows a symlink in /tmp, overwriting the target
    file, so it can conceivably be used to destroy any file on the
    system.

    If a specific symlink exists in /tmp, glint will open it and write
    to it when run by root -- so destruction of any file is possible.
    Note that glint does not work with RPM 3.0 or higher. If you have
    RPM 3.0 or higher installed, just uninstall the glint package to
    remove this vulnerability.
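
    Added example (not from the advisory or from glint's source): the
    pattern described above, reproduced inside a private scratch
    directory, next to an exclusive open that refuses a pre-placed
    symlink. All file names and helper functions are constructed for
    illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: a fixed name is opened and any symlink already sitting
   at that name is followed, so its target gets truncated. */
static int open_following(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if anything (a symlink included) already occupies
   the name. Real temp files should use mkstemp(), which also randomizes it. */
static int open_exclusive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: "work" is a pre-placed symlink to the 4-byte file
   "target". Returns target's size after the open attempt (-1 on setup error). */
long target_size_after(int hardened, int *opened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], work[64];
    struct stat st;
    long size = -1;
    *opened = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(work, sizeof work, "%s/work", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t >= 0 && write(t, "keep", 4) == 4 && symlink(target, work) == 0) {
        int fd = hardened ? open_exclusive(work) : open_following(work);
        *opened = fd >= 0;
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    if (t >= 0) close(t);
    unlink(work); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int opened;
    long off = target_size_after(0, &opened);
    printf("following: opened=%d, target now %ld bytes\n", opened, off);
    long on = target_size_after(1, &opened);
    printf("exclusive: opened=%d, target now %ld bytes\n", opened, on);
    return 0;
}
```

    On current Linux kernels the fs.protected_symlinks sysctl adds a
    system-wide backstop for sticky world-writable directories such as
    /tmp, but the application-level fix is still the exclusive open.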

    Thanks to Stan Bubrouski for finding and reporting this bug.

SOLUTION

    Patches:

        ftp://updates.redhat.com/5.2/sparc/glint-2.6.3-1.sparc.rpm
        ftp://updates.redhat.com/5.2/alpha/glint-2.6.3-1.alpha.rpm
        ftp://updates.redhat.com/5.2/i386/glint-2.6.3-1.i386.rpm
        ftp://updates.redhat.com/5.2/SRPMS/glint-2.6.3-1.src.rpm

    SuSE distributions do not contain the glint package. Please note
    that the "xglint" package that is on newer SuSE distributions is
    an accelerated X-server for GLINT/PERMEDIA/PERMEDIA-2 based
    graphics cards and has nothing to do with the glint package
    mentioned in the Red Hat security advisory.