CVE-2001-1448

Name of the Vulnerable Software and Affected Versions Magic eDeveloper Enterprise Edition versions 8.30-5 and earlier

Description The issue allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the mkuserproc, mgrnt, and mgdatasrvr.sc scripts.

Recommendations For Magic eDeveloper Enterprise Edition versions 8.30-5 and earlier, consider restricting access to the mkuserproc, mgrnt, and mgdatasrvr.sc scripts to minimize the risk of exploitation. As a temporary workaround, avoid using these scripts until a patch is available.