Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12529
HistoryMay 03, 2006 - 12:00 a.m.

Ejabberd : Symlink vulnerability during installation process

2006-05-0300:00:00
vulners.com
12
JSON

Date : 2006-04-25
Vendor : www.process-one.net
Products : ejabberd binary installation for Linux
Vulnerable Versions : 1.1.1_1 and prior versions

When root user is running ejabberd-1.1.1_1-linux-installer.bin (in
order to install the Jabber server ejabberd). It creates in an insecure mode
a file named bitrock_installer.log in the /tmp directory.

Local users are abble to perform a symlink attack and then cause
a DoS on the local machine.

FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

JSON