PT-2020-8470 · Unknown · Opentmpfiles

Orlitzky

Published

2020-10-26

Updated

2020-10-30

CVE-2017-18925

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: opentmpfiles versions 0.3.1 and earlier

Description: The issue allows local users to take ownership of arbitrary files due to mishandled d entries, which enables a symlink attack.

Recommendations: For versions 0.3.1 and earlier, consider restricting file access permissions to prevent unauthorized ownership changes until a patch is available. As a temporary workaround, consider implementing additional file system monitoring to detect and prevent symlink attacks.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2017-18925

Affected Products

Opentmpfiles

PT-2020-8470 · Unknown · Opentmpfiles

CVE-2017-18925

Weakness Enumeration

Related Identifiers

Affected Products

References · 7