First published: Tue Jan 28 2014(Updated: )
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Syncevolution | <=1.3.99.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.