CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
apertium 3.0.7 allows local users to overwrite arbitrary files via a
symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, ©
/tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e)
/tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig,
and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1)
apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.