Phase:Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
ReferencesBUGTRAQ:Friday, October 31, 2003 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers | URL:http://www.securityfocus.com/archive/1/343038 | BID:8937 | URL:http://www.securityfocus.com/bid/8937 | XF:sun-jre-java-symlink(13570) | UR
Votes:Assigned (Wednesday, May 04, 2005)
Comments:None (candidate not yet proposed)
F7: