73 matches found
CVE-2008-5145
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu. temporary file...
CVE-2008-5149
fwdcheck.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ temporary file...
CVE-2008-4975
The CVE-2008-4975 entry concerns mkmailpost in newsgate 1.6, where a symlink attack on a /tmp/mmp##### temporary file allows local users to overwrite arbitrary files. The root cause is a symlink-based file overwrite vulnerability in the mkmailpost routine, enabling local privilege impact (complet...
CVE-2008-4948
fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddjfest.tmp temporary file...
CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...
CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...
CVE-2007-3852
The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...
netperf netserver symbolic links vulnerability
Symbolic links vulnerability on /tmp/netperf.debug file creation...
[Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling
MySQL mysqlinstalldb data manipulation vendor: http://www.mysql.com advisory: http://www.zataz.net/adviso/mysql-05172005.txt vendor informed: yes exploit available:no MySQL contain a security flaw how could allow a malicious local attacker to inject arbitrary SQL commands during database creation...
RH 7.0 Crontab exploit - apparently fixed
/ Crontab tmp file race condition http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=37771 Apparently this is fixed. Wonder why it still works. Local exploit Quick and dirty exploit for crontab insecure tmp files Redhat 7.0 - kept up2date with up2date Checked Tue Jun 26 00:15:32 NZST 2001...
Samba 2.0.x - Insecure TMP File Symbolic Link
Samba 2.0.x - Insecure TMP File Symbolic Link // source: https://www.securityfocus.com/bid/2617/info Samba is a flexible file sharing packaged maintained by the Samba development group. It provides interoperatability between UNIX and Microsoft Windows systems, permitting the sharing of files and...
Slackware Linux - usrbinppp-off Insecure tmp Call
Slackware Linux - usrbinppp-off Insecure tmp Call !/bin/sh In SlackWare Linux the script /usr/bin/ppp-off writes the output of 'ps x' to /tmp/grep.tmp. Since root is the user that runs ppp-off, a non-privileged user could create a link from /tmp/grep.tmp to any fileie: /etc/issue, thus when root...
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink
source: https://www.securityfocus.com/bid/1201/info Netscape Communicator version 4.73 and prior may be susceptible to a /tmp file race condition when importing certificates. Netscape creates a /tmp file which is world readable and writable in /tmp, without calling stat or fstat on the file. As...