Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
BID:58230
Info
Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 58230 |
| Class: | Design Error |
| CVE: |
CVE-2013-1495 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 01 2013 12:00AM |
| Updated: | Apr 17 2013 12:59AM |
| Credit: | Larry W. Cashdollar |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
Oracle Auto Service Request is prone to an insecure temporary-file-creation vulnerability.
Successfully exploiting this issue allows an attacker to overwrite arbitrary files and to perform symbolic-link attacks in the context of the affected application. Other attacks may also be possible.
Oracle Auto Service Request is prone to an insecure temporary-file-creation vulnerability.
Successfully exploiting this issue allows an attacker to overwrite arbitrary files and to perform symbolic-link attacks in the context of the affected application. Other attacks may also be possible.
Exploit / POC
Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
An attacker can use readily available commands to launch attacks.
An attacker can use readily available commands to launch attacks.
Solution / Fix
Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Oracle Auto Service Request Insecure Temporary File Creation Vulnerability
References:
References: