PT-2014-2455 · Pktstat · Pktstat
Sven Hartge
·
Published
2014-05-05
·
Updated
2014-05-05
·
CVE-2013-0350
CVSS v2.0
6.3
Medium
| Vector | AV:L/AC:M/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
pktstat version 1.8.5
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. This is due to a problem in tmp smtp.c.
Recommendations
For pktstat version 1.8.5, consider restricting access to /tmp/smtp.log to prevent a symlink attack until a patch is available.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pktstat