CVE-2002-2001
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack...
CVE-2002-2051
The processorweb plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file...
CVE-2002-2050
Directory traversal vulnerability in processorweb plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry...
CVE-2002-2267
bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file...
CVE-2002-1764
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2002-1890
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file...
CVE-2002-1366
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream...
CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences...
CVE-2002-1345
Technical details for CVE-2002-1345 are not provided in the supplied connected documents; no explicit affected products, versions, or fixes are available here. Monitor for updates.
Moderate: Red Hat Security Advisory: wget security update
The wget packages shipped with Red Hat Linux Advanced Server 2.1 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory. Updated 09 Jan 2003: Added fixed packages for the Itanium IA64 architecture. Updated 06 Feb 2003: Added fix...
CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check...
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...
[SECURITY] [DSA 172-1] New tkmail packages fix insecure temporary file creation
Debian Security Advisory DSA 172-1 [email protected] http://www.debian.org/security/ Martin Schulze October 8th, 2002 http://www.debian.org/security/faq -...
DSA-172 tkmail - insecure temporary files
Bulletin has no description...
CVE-2002-0887
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files...
Unauthorized access in OpenVMS POP3 server
It's possible to overwrite a local file by specifying it as a log file...
OpenVMS POP server local vulnerability
Akita Security Advisory 27/09/2002 OpenVMS UCX$POPSERVER.EXE vulnerability Advisory: http://www.akita-security.co.uk/VMS/ucxpopserver.txt VMS security tool http://www.akita-security.co.uk/stoat Overview ======== UCX is the main TCP/IP stack for OpenVMS. Akita Security have discovered a...
Low: Red Hat Security Advisory: Updated unzip and tar packages fix vulnerabilities
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. Updated Jan 22 2003: Added description of CAN-2002-1216, which was also fixed by these erratum packages. The unzip and tar utilities are used for manipulating archives,...