2 matches found
CVE-2010-2449
Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...
CVE-2010-2449
CVE-2010-2449 affects Gource up to version 0.26. The vulnerability arises from logging to a predictable file name (/tmp/gource-$UID.tmp), enabling a symlink attack to overwrite an arbitrary file. Impact: potential file tampering with integrity risk; confidentiality/availability not indicated. No ...