Bug#318285: CAN-2005-2240 symlink attack in xpvm.tcl

Package: xpvm
Severity: serious
Tags: security

According to http://secunia.com/advisories/16040:

  Eric Romang has reported a vulnerability in xpvm, which can be exploited by
  malicious, local users to perform certain actions on a vulnerable system with
  escalated privileges.

  The vulnerability is caused due to the temporary file "/tmp/xpvm.trace.$user"
  being created insecurely by "src/xpvm.tcl". This can be exploited via symlink
  attacks to create or overwrite arbitrary files with the privileges of the user
  running the affected application.

This is CAN-2005-2240.

see shy jo
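
The insecure-creation pattern the advisory describes, next to an exclusive-create alternative, as an added Tcl example; it is not code from xpvm.tcl, the advisory or the Debian package. The proc names and the scratch directory are hypothetical, and the symlink is constructed locally so the difference is visible without touching /tmp.

```tcl
# Added example: proc names and the demo directory are hypothetical.
# Only the file name pattern "xpvm.trace.$user" comes from the advisory.

# Insecure pattern: mode "w" means O_WRONLY|O_CREAT|O_TRUNC. If a symlink
# already sits at the predictable path, open follows it and truncates the
# link target with the privileges of the user running the program.
proc open_trace_unsafe {path} {
    return [open $path w]
}

# Hardened pattern: CREAT together with EXCL makes open fail if anything
# already exists at the path, including a symlink (dangling or not).
# 0600 keeps the new file private to its owner.
proc open_trace_safe {path} {
    return [open $path {WRONLY CREAT EXCL} 0600]
}

# --- constructed demo, confined to a scratch directory -------------------
set dir    [file join [pwd] xpvm-demo.[pid]]
set victim [file join $dir victim.txt]
set trace  [file join $dir xpvm.trace.demo]
file mkdir $dir

# A file the user cares about, and a pre-existing link at the trace path.
set f [open $victim w]
puts $f "important data"
close $f
file link -symbolic $trace $victim

# The exclusive create refuses to touch the existing link.
if {[catch {open_trace_safe $trace} err]} {
    puts "safe open refused: $err"
}
puts "victim size after safe attempt: [file size $victim]"

# The plain "w" open follows the link and truncates the target.
close [open_trace_unsafe $trace]
puts "victim size after unsafe open:  [file size $victim]"

file delete -force $dir
```

On Tcl 8.6 and later, `file tempfile` creates a uniquely named file and returns an open channel, which also removes the predictable name.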
