kexec-tools: insecure use of /tmp/*$$* filenames

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files...

PT-2015-4553 · Red Hat +2 · Kexec-Tools +3

Name of the Vulnerable Software and Affected Versions: kexec-tools versions prior to 2.0.7-19 Description: The issue allows local users to write to arbitrary files via a symlink attack on a temporary file. This is related to the Red Hat module-setup.sh script for kexec-tools in Red Hat Enterprise...