2 matches found
shtool -- insecure temporary file creation
A Zataz advisory reports that shtool contains a security flaw which could allow a malicious local user to create or overwrite the contents of arbitrary files. The attacker could fool a user into executing the arbitrary file possibly executing arbitrary code...
mysql-server -- insecure temporary file creation
A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysqlinstalldb script which creates temporary files based on the PID used by the script...