10 matches found
CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
Design/Logic Flaw
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
DEBIAN-CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
UBUNTU-CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
CVE-2014-2277
The CVE-2014-2277 issue affects perltidy up to version 20120701-1, where the make_temporary_filename function can be exploited by local users to read sensitive data or replace arbitrary files via a symlink attack tied to the use of tmpnam. This is the explicit vulnerability detail in the provided...
CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
CVE-2014-2277
The maketemporaryfilename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
Updated perltidy package fixes security vulnerability
perltidy's maketemporaryfilename function insecurely created temporary files via the use of the tmpnam function. A local attacker could use this flaw to perform a symbolic link attack CVE-2014-2277...
Mandrake Linux Security Advisory : xpdf (MDKSA-2000:041-1)
There is a potential race condition when using tmpnam and fopen in xpdf versions prior to 0.91. This exploit can be only used as root to overwrite arbitrary files if a symlink is created between the calls to tmpname and fopen. There is also a problem with malicious URL-type links in PDF documents...