3901 matches found
CVE-2001-0890
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files...
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publically-writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview xmcd is an x11/motif CD playing utility, in the public domain. cda, the command line interface to xmcd, executes with system administrator privileges. It is vulnerable to a symbolic link attack that may allow a local user to obtain administrator privileges. Description cda, the command...
shadow-utils useradd creates temporary files insecurely
Overview Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
SCO OpenServer/UnixWare vi creates temporary files insecurely
Overview The implementation of vi, a text editor, provided with SCO Openunix creates insecure temporary files with predictable names. Using a symbolic link attack, an intruder can overwrite any file writable by the user of vi. Description vi is a screen-oriented text editor. The implementation...
diffutils sdiff creates temporary files insecurely
Overview diffutils, a set of utilities distributed with many versions of linux, contains a utility called sdiff, which creates temporary files of predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause overwrite of any file writable by the user executing sdif...
Redhat Linux diskcheck.pl creates predictable temporary file and fails to check for existing symbolic link of same name
Overview Diskcheck.pl is a PERL script, part of Red Hat's powertools suite, that alerts a system administrator if any file system approaches capacity. In creating email alerts, diskcheck.pl creates insecure temporary files in a world-writable directory, which may permit an attacker to corrupt any...
mgetty creates temporary files insecurely
Overview mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...
getty_ps creates temporary files insecurely
Overview gettyps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. Description Under certain circumstances,...
Проблемы в скриптах начальной загрузки Red Hat (symbolic link)
Небезопасная работа с временными файлами в скрипте setserial...
[RHSA-2001:110-05] Insecure setserial initscript
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Insecure setserial initscript Advisory ID: RHSA-2001:110-05 Issue date: 2001-09-12 Updated on: 2001-09-19 Product: Red Hat Linux Keywords: setserial initscript temporary file...
Sun Solaris catman creates temporary files insecurely
Overview catman, the unix manual display utility, creates insecure temporary files with predictable names in a world-writable directory. Since catman executes with system administration privileges, a symbolic link attack could overwrite arbitrary files. Description There is a vulnerability in...
ISC inn creates temporary files insecurely
Overview inn, a network news agent, may be configured on some operating systems to use a publically-writeable directory for its temporary files. This may be exploited to gain access to the news account. Description inn is distributed on a variety of Linux platforms. The program is written under t...
CVE-2001-0430
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files...
CVE-2001-0430
The CVE-2001-0430 entry refers to a vulnerability in exuberant-ctags prior to version 3.2.4-0.1 where temporary files are created insecurely, leading to potential local file exposure or corruption. Public sources in the connected documents confirm the issue and identify the Debian package update ...
CVE-2001-0243
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers t...
exuberant-ctags creates temporary files insecurely
Overview Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service. Description Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable nam...
Samba creates temporary files insecurely
Overview Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description Samba is an implementation of the Server Message Block SMB protocol. Some versions of samba handle temporary files in an insecure...
CVE-1999-1036
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in 1 resdiff, 2 ca.src, and 3 mail.chk...
CVE-1999-1038
Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable...