symbolic software vulnerabilities
vulnerabilities.aspcode.net
Searching symbolic software vulnerabilities
sort creates temporary files and follows symbol
temporary
|
arbitrary
|
updatedb
|
observed
|
writable
|
symbolic
|
programs
|
running
|
creates
|
follows
|
modify
|
allows
|
other
|
which
|
links
|
files
|
users
|
local
|
sort
|
user
|
use
|
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
GNU fingerd 1.37 does not properly drop privile
fingerd
|
GNU
|
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
Solaris Solstice AdminSuite (AdminSuite) 2.1 fo
AdminSuite
|
Solstice
|
Solaris
|
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
registrar in the HP resource monitor service al
registrarlog
|
information
|
permissions
|
arbitrary
|
registrar
|
resource
|
creating
|
original
|
renaming
|
readable
|
symbolic
|
monitor
|
appends
|
service
|
modify
|
target
|
allows
|
which
|
users
|
world
|
files
|
local
|
sets
|
read
|
file
|
link
|
log
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
Interscan VirusWall 3.6.x and earlier follows s
uninstalling
|
arbitrary
|
overwrite
|
Interscan
|
VirusWall
|
symbolic
|
product
|
earlier
|
follows
|
symlink
|
allows
|
attack
|
files
|
which
|
links
|
users
|
local
|
36x
|
via
|
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
Hard link and possibly symbolic link following
vulnerabilities
|
following
|
symbolic
|
possibly
|
RTOS
|
Hard
|
link
|
QNX
|
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
psbanner in the LPRng package allows local user
/tmp/before
|
overwrite
|
arbitrary
|
psbanner
|
symbolic
|
package
|
allows
|
attack
|
files
|
local
|
users
|
LPRng
|
file
|
link
|
via
|
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
Symbolic link vulnerability in the slpd script
vulnerability
|
slpdall_init
|
Symbolic
|
OpenSLP
|
before
|
script
|
link
|
slpd
|
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
Pedestal Software Integrity Protection Driver (
Protection
|
Integrity
|
Pedestal
|
Software
|
Driver
|
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
Buffer overflow in the ISO9660 file system comp
containing
|
component
|
arbitrary
|
malformed
|
symbolic
|
physical
|
overflow
|
ISO9660
|
execute
|
access
|
memory
|
allows
|
Buffer
|
system
|
kernel
|
entry
|
Linux
|
local
|
users
|
long
|
link
|
file
|
code
|
via
|
26x
|
24x
|
25x
|
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
KDE before 3.3.0 does not properly handle when
before
|
KDE
|
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
StoreBackup before 1.19 does not properly set t
StoreBackup
|
before
|
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
Buffer overflow in git-checkout-index in GIT be
git-checkout-index
|
overflow
|
before
|
Buffer
|
GIT
|
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows
Apple
|
Mac
|
BOM
|
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.
GNU tar 1.16 and 1.15.1, and possibly other ver
tar
|
GNU
|
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
Software vulnerabilities results 1 to 16 of 16
Page:
1