CVE-2014-1640

Name of the Vulnerable Software and Affected Versions axiom version 20100701-1.1

Description The issue allows local users to overwrite arbitrary files via a symlink attack. This is due to the axiom-test.sh script in axiom using tempfile to create a temporary file, but then appending a suffix to the original filename and writing to this new filename.

Recommendations For axiom version 20100701-1.1, consider modifying the axiom-test.sh script to properly handle temporary file creation and avoid appending suffixes to original filenames, thereby preventing symlink attacks. As a temporary workaround, consider restricting access to the axiom-test.sh script until a proper fix is implemented.