The (1) mkxmltype and (2) mkdtskel scripts in XML-DT prior to 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xml-dt project xml-dt 0.60 |
||
xml-dt project xml-dt 0.62 |
||
xml-dt project xml-dt |
||
xml-dt project xml-dt 0.61 |