CVE-2003-1279

Name of the Vulnerable Software and Affected Versions S-PLUS version 6.0

Description The issue allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on several temporary files created by various components, including Sqpe, PRINT, mustfix.hlinks, sas get, sas vars, and sglm2html. The affected files include /tmp/ F8499, /tmp/PRINT.$$.out, /tmp/SUBST$PID.TXT, /tmp/ed.cmds$PID, /tmp/file.1, /tmp/file.2, /tmp/sgml2html$$tmp, /tmp/sgml2html$$tmp1, and /tmp/sgml2html$$tmp2.

Recommendations For S-PLUS version 6.0, consider restricting access to the temporary files and directories used by the affected components to minimize the risk of exploitation. As a temporary workaround, avoid using the affected components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.