Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
BID:69020
CVE-2014-5254 | CVE-2014-5255 |Info
Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
| Bugtraq ID: | 69020 |
| Class: | Race Condition Error |
| CVE: |
CVE-2014-5254 CVE-2014-5255 |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 31 2014 12:00AM |
| Updated: | Aug 19 2014 12:31AM |
| Credit: | Steve Kemp |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
xcfa is prone to multiple insecure temporary file-handling vulnerabilities.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
xcfa is prone to multiple insecure temporary file-handling vulnerabilities.
An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible.
Exploit / POC
Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
An attacker can use readily available commands to exploit this issue.
An attacker can use readily available commands to exploit this issue.
Solution / Fix
Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Debian xcfa Package Race Condition Multiple Insecure Temporary File Handling Vulnerabilities
References:
References: