Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
BID:69656
Info
Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
| Bugtraq ID: | 69656 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 07 2014 12:00AM |
| Updated: | Sep 07 2014 12:00AM |
| Credit: | Helmut Grohne |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
Debian ACE Package is prone to a privilege escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite sensitive files with elevated privileges.
ACE 6.2.7 is vulnerable; other versions may also be affected.
Debian ACE Package is prone to a privilege escalation vulnerability.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite sensitive files with elevated privileges.
ACE 6.2.7 is vulnerable; other versions may also be affected.
Exploit / POC
Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
An attacker can use readily available commands to exploit this issue.
An attacker can use readily available commands to exploit this issue.
Solution / Fix
Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Debian ACE Package Insecure Temporary File Creation Privilege Escalation Vulnerability
References:
References: