3901 matches found
CVE-1999-1439
CVE-1999-1439 : The vulnerability is in gcc 2.7.2, where local users can overwrite arbitrary files via a symlink attack on temporary files ending in .i, .s, or .o. The provided documents describe the affected component and the underlying cause (symlink/temporary file race) and identify the impact...
CVE-1999-1095
The CVE-1999-1095 entry concerns the sort utility. It describes that sort creates temporary files and follows symbolic links, enabling a local user to modify arbitrary files writable by the user running sort. This impact is observed in updatedb and other programs that invoke sort. The documents d...
CVE-1999-1042
Cisco Resource Manager CRM 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings...
CVE-2001-1378
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files...
CVE-2001-0556
The Nirvana Editor NEdit 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on 1 backup files or 2 temporary files used when nedit prints a file or portions of a file...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encryted connection program. Some...
Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files
Overview Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host. Description Alladin Ghostscript is a previewer for postscript files. It creates temporary fil...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
remedy.txt
Security Holes in Remedy Client Installer Summary ------- Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for unix can allow local users to gain root privileges. Details ------- The installer script for the unix AR clients...
mf.txt
Potential Root Compromise in MicroFocus Cobol Summary ------- If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 Merant's commercial suite of cobol utilities contains a security hole which can lead to root compromise. Specifics --------- In the default install,...
Символьные линки в rcs2log (sumbolic link)
Проблема символьных линков при создании временного файла позволяет переписать файлы запускающего пользователя...
CVE-2001-0556
The CVE describes a local arbitrary-file overwrite vulnerability in Nirvana Editor (NEdit) 5.1.1 and earlier, caused by a symlink/insecure temporary file handling when printing (affecting backup and temp files).
CVE-2001-0556
The Nirvana Editor NEdit 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on 1 backup files or 2 temporary files used when nedit prints a file or portions of a file...
Sambar Web Server pagecount exploit code
by default, there is a pagecount script with Sambar Web Server it's situated at http://sambarserver/session/pagecount counter writes it's temporary files at c:sambardirectorytmp if we'll write http://sambarserver/session/pagecount?page=index it will create file in Sambar temp directory with name...
[ESA-20010711-01] AllCommerce insecure temporary files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------+ | EnGarde Secure Linux Security Advisory July 11, 2001 | | http://www.engardelinux.org/ ESA-20010711-01 | | | | Package: AllCommerce | | Summary: AllCommerce creates insecure...
Символьные линки в AllCommerce (symbolic link)
Проблема символьных линков при работе с временными файлами...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (3)
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation 3 source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image...
Символьные линки в Tripwire (symbolic link)
Проблема символьнгых линков при создании временных файлов...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (3)
source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming...
Tripwire temporary files
------------------------------------------------------------ Insecure temporary files in Tripwire [email protected] $Date: 2001/07/09 05:02:02 $ ------------------------------------------------------------ Author: Jarno Huuskonen [email protected] Discovered: Tue 16 Jan 2001 Vendor...