The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 1.3.31 (including) | 1.3.31 (including) |
References
- http://lists.debian.org/debian-apache/2005/01/msg00076.html
- http://secunia.com/advisories/13925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18993
- https://usn.ubuntu.com/65-1/
- http://lists.debian.org/debian-apache/2005/01/msg00076.html
- http://secunia.com/advisories/13925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18993
- https://usn.ubuntu.com/65-1/