6860 matches found
Netscape vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview: During installation, Netscape 6.0.1 creates a temporary file with insecure options and a predictable name in a world-writable location. By using a symbolic link attack, an attacker could overwrite arbitrary files. Description: The installation script for Netscape 6.0.1 creates a...
CVE-2001-0730
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header...
FW: ASI Oracle Security Alert: 3 new security alerts
I have not seen the latest Oracle bugs on the list yet. 2 and 3 were credited to Juan Manuel Pascual Escribá by Oracle. -----Original Message----- From: [email protected] mailto:[email protected] Sent: 23 October 2001 11:00 To: [email protected] Subject: ASI Oracle Security Alert: 3 n...
Samba NETBIOS Name Traversal Arbitrary Remote File Creation
The remote Samba server, according to its version number, allows creation of arbitrary remote files. This vulnerability allows an attacker to overwrite arbitrary files by supplying an arbitrarily formed NetBIOS machine name to this server, and to potentially become root on the remote server. An...
CVE-2001-0744
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file...
CVE-2001-0736
This CVE (CVE-2001-0736) affects the Pine email client (and pico editor) prior to version 4.33, where a local user can overwrite arbitrary files via a symlink attack. The vulnerability allows any local user to overwrite files owned by other users, including root, under certain conditions. A fix i...
diffutils sdiff creates temporary files insecurely
Overview: diffutils, a set of utilities distributed with many versions of Linux, contains a utility called sdiff, which creates temporary files with predictable names in an insecure fashion. Using a symbolic link attack, an intruder can overwrite any file writable by the user executing sdif...
mgetty creates temporary files insecurely
Overview: mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...
Sun Solaris catman creates temporary files insecurely
Overview: catman, the UNIX manual display utility, creates insecure temporary files with predictable names in a world-writable directory. Since catman executes with system administration privileges, a symbolic link attack could overwrite arbitrary files. Description: There is a vulnerability in...
CVE-2001-0642
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file...
CVE-2001-0474
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file...
CVE-2001-0095
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the smanPID temporary file...
CVE-2001-0095
Catman in Solaris 2.7/2.8 creates insecure temporary files with predictable names in world-writable /tmp, enabling local users to perform a symlink attack to overwrite arbitrary files. The root cause is predictable temp-file naming and symlink handling when run as root. Impact is local privilege ...
Samba creates temporary files insecurely
Overview: Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description: Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of Samba handle temporary files in an insecure...
CVE-1999-1227
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file...
CVE-1999-1352
CVE-1999-1352 describes a local privilege/vulnerability in Linux 2.2 where mknod follows symbolic links, potentially allowing a local user to overwrite files or gain privileges. The connected sources reiterate this behavior but do not provide concrete exploitation details, specific vulnerable ver...
CVE-1999-1495
CVE-1999-1495 describes a local vulnerability in xtvscreen for SuSE Linux 6.0 where a symlink attack on the file “pic000.pnm” lets a local user overwrite arbitrary files. The underlying issue is a symlink-based file-overwrite path within xtvscreen. Documented impact indicates no confidentiality o...
CVE-1999-1227
CVE-1999-1227 concerns Ethereal and a local symlink-attack that allows overwriting arbitrary files via the packet capture file. Documentation consistently states the flaw is a local-privilege issue due to a symlink race, enabling complete confidentiality, integrity, and availability impact for af...
CVE-1999-1038
Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable...
CVE-1999-1388
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument...