2 matches found
CVE-2014-1640
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...
CVE-2014-1640
CVE-2014-1640 affects the axiom package (version 20100701-1.1). The vulnerability arises from axiom-test.sh using tempfile to create a temporary file, but then appending a suffix to the original filename and writing to that new filename. This behavior permits local users to overwrite arbitrary fi...