HtmlHeadLine.sh Symlink Arbitrary File Overwrite

2005-01-03T07:00:28
ID OSVDB:12681
Type osvdb
Reporter Javier Fernandez-Sanguino Pena(jfs@computer.org)
Modified 2005-01-03T07:00:28

Description

Vulnerability Description

HtmlHeadLine.sh contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

HtmlHeadLine.sh contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity.

References:

Vendor URL: http://kano.technolust.cx/hhl/ Vendor Specific Advisory URL Security Tracker: 1012756 Secunia Advisory ID:13714 Secunia Advisory ID:13715 Other Advisory URL: http://www.debian.org/security/2005/dsa-622 Nessus Plugin ID:16087 CVE-2004-1181