Compaq apparently released patches for the above mentioned vulnerability (and possibly some others) in the last day or two. I saw no mention of this so I thought I would throw it out. From the CERT info on the vulnerability: Vulnerability Note VU#10277 Various shells create temporary files insecurely when using << operator Overview sh uses /tmp files of a predictable name in creating files for input redirection using the << operator. http://www.tru64unix.compaq.com/unix/security-download.html for the patch/security information; http://ftp.support.compaq.com/patches/.new/unix.shtml for the actual patches. -- -Ross Roberts Unix/Network Administrator Alcatel Telecommunications Cable
