Computer Security
[EN] securityvulns.ru no-pyccku


scilab symbolic links vulnerability
Published:22.01.2009
Source:
SecurityVulns ID:9613
Type:remote
Threat Level:
5/10
Description:Symbolic links vulnerability on temporary files creation.
Affected:SCILAB : scilab 4.1
CVE:CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.)
Original documentdocumentGENTOO, [ GLSA 200901-14 ] Scilab: Insecure temporary file usage (22.01.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod