May 4, 2001

Security update to sgmltool

Author: JT Smith

Posted at The sgmltool programs ("sgml2html" and others) are used to convert
SGML-files into various other formats.

During operation, the underlying SGML perlmodule creates temporary files
in an insecure way. This allows attackers to destroy arbitrary files owned
by the user who invoked the sgmltool program. The problem has been fixed
by creating temporary files with the exclusive (O_EXCL) option upon
opening them.


  • Linux
Click Here!