CVE-2003-0381

Name of the Vulnerable Software and Affected Versions noweb versions 2.9 and earlier

Description The issue concerns multiple vulnerabilities in the noweb package that can lead to the compromise of protected information integrity. A local attacker can exploit these vulnerabilities. Technical details include the insecure creation of temporary files, allowing local users to overwrite arbitrary files through multiple vectors, including the noroff script.

Recommendations For noweb versions 2.9 and earlier, consider restricting access to the noroff script until a patch is available. As a temporary workaround, avoid using the noweb package for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.