buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Fedora_core |
Redhat |
f7 |
f7 |
References