5 matches found
GHSA-GHQ2-5C67-FPRM PDM: Project-Local State and Config Writes Follow Symlinks
Summary: PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...
PT-2026-48600
Name of the Vulnerable Software and Affected Versions: PDM versions prior to 2.28.0-1.1. Description: PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...
Solaris 10 Patch Cluster File Clobber
File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file created in /tmp are: /sbin/sh:root@dev-unix-sec02 cat CLEANUP...
Solaris 10 Patch Cluster File Clobber
Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp. File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file...
Oracle Auto Service Request File Clobber
Oracle Auto Service Request software package creates files insecurely in /tmp using time stamps instead of mkstemp. You can clobber root-owned files if you know around what time the root administrator will be using this utility. larry@oracle-os-lab01 tmp$ for x in seq 500 999; do ln -s...