PT-2002-2722 · Jmcce · Jmcce

Published

2002-12-31

Updated

2008-09-10

CVE-2002-2001

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions jmcce version 1.3.8

Description The issue allows local users to overwrite arbitrary files via a symlink attack because jmcce creates log files in /tmp with predictable names.

Recommendations For jmcce version 1.3.8, consider restricting access to the /tmp directory to prevent local users from creating symlinks, or update the configuration to use a secure log file naming scheme to prevent predictable names.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-2001

Affected Products

Jmcce

PT-2002-2722 · Jmcce · Jmcce

CVE-2002-2001

Related Identifiers

Affected Products

References · 4