PT-2017-4956 · Debian · Foo2Zjs
D--
+1
·
Published
2017-10-23
·
Updated
2017-11-21
·
CVE-2011-2684
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
foo2zjs versions prior to 20110722dfsg-3ubuntu1
foo2zjs version 20110722dfsg-1
foo2zjs version 20090908dfsg-5.1+squeeze0
Description:
The issue allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs, due to insecure creation of temporary files.
Recommendations:
For foo2zjs version 20110722dfsg-1, update to a version later than 20110722dfsg-1 to resolve the issue.
For foo2zjs version 20090908dfsg-5.1+squeeze0, update to a version later than 20090908dfsg-5.1+squeeze0 to resolve the issue.
For foo2zjs versions prior to 20110722dfsg-3ubuntu1, update to version 20110722dfsg-3ubuntu1 or later to resolve the issue.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foo2Zjs