The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Tetex-bin |
Debian |
2.0.2 (including) |
2.0.2 (including) |
References