Secunia Security Advisory - A vulnerability in net-acct can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The write_list() and dump_curr_list() functions create temporary files insecurely. This can be exploited via symlink attacks to overwrite or create arbitrary files with the privileges of a user executing net-acct. The vulnerability affects version 0.71 and prior.
b396350780b8c1b8f374c9455b36472cd9ed1ffcecc1ac74c6273db16b32ce54GNU automake versions below 1.8.3 insecurely create temporary directories.
4fe8ec255d16150836017807977251cf7d3bd4e1d16ae0888f7192f69264f718Versions below 1.5.2 of GNU's libtool have a symlink vulnerability that creates a temporary directory when a package using libtool is being compiled.
ea8da7ea3d3c709ad14bfe61958c89e3adae4bd96c61857b2ef91789c1a5d545A vulnerability exists in the susewm package in SuSE Linux 8.2Pro where a symbolic link attack can escalate a user to root privileges. Workaround included.
0aa80f207e5b08ebc11c3b7e43d9ddc9e7d6a91abd06fb2afd67f194ee6f79f1The javarunt package distributed with SuSE Linux 7.3Pro is vulnerable to a local symbolic link attack that can achieve root privileges. Workaround included.
48a51c859fafc06b87258f025b2ef34173b96836352430cbc98107ca9004c380
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed