First published: Tue Jan 28 2014(Updated: )
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Axiom | =20100701-1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.