plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Plait | Stephenjungels | * | 1.5.2 (including) |
Plait | Stephenjungels | 0.50 (including) | 0.50 (including) |
Plait | Stephenjungels | 0.51 (including) | 0.51 (including) |
Plait | Stephenjungels | 0.52 (including) | 0.52 (including) |
Plait | Stephenjungels | 0.53 (including) | 0.53 (including) |
Plait | Stephenjungels | 0.54 (including) | 0.54 (including) |
Plait | Stephenjungels | 0.55 (including) | 0.55 (including) |
Plait | Stephenjungels | 0.55.1 (including) | 0.55.1 (including) |
Plait | Stephenjungels | 0.55.2 (including) | 0.55.2 (including) |
Plait | Stephenjungels | 0.99 (including) | 0.99 (including) |
Plait | Stephenjungels | 1.0 (including) | 1.0 (including) |
Plait | Stephenjungels | 1.1 (including) | 1.1 (including) |
Plait | Stephenjungels | 1.1.1 (including) | 1.1.1 (including) |
Plait | Stephenjungels | 1.2.1 (including) | 1.2.1 (including) |
Plait | Stephenjungels | 1.3 (including) | 1.3 (including) |
Plait | Stephenjungels | 1.4 (including) | 1.4 (including) |
Plait | Stephenjungels | 1.4.1 (including) | 1.4.1 (including) |
Plait | Stephenjungels | 1.4.2 (including) | 1.4.2 (including) |
Plait | Stephenjungels | 1.5 (including) | 1.5 (including) |
Plait | Stephenjungels | 1.5.1 (including) | 1.5.1 (including) |
Plait | Ubuntu | upstream | * |