4 matches found
cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...
AZL-78935 CVE-2025-61731 affecting package golang 1.25.7-1
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...
CVE-2007-6211
Send ICMP Nasty Garbage sing on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L output log file option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...
CVE-2004-2070
The Altiris Client Service for Windows 5.6 SP1 Hotfix E 5.6.181 allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590...