First published: Tue Jan 28 2014(Updated: )
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Localepurge | <=0.7.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.