Description
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
Products
- OpenBSD OpenBSD
- OpenBSD
- OpenBSD 2.0
- OpenBSD 2.1
- OpenBSD 2.2
- OpenBSD 2.3
- OpenBSD 2.4
- OpenBSD 2.5
- OpenBSD 2.6
- OpenBSD 2.7
- OpenBSD 2.8
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0378, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0378 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References