CVE-2016-9595

Name of the Vulnerable Software and Affected Versions katello-debug versions prior to 3.4.0

Description A flaw was found in katello-debug where certain scripts and log files used insecure temporary files, allowing a local user to conduct a symbolic-link attack and overwrite the contents of arbitrary files.

Recommendations For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files used by the scripts and log files to minimize the risk of exploitation.