extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Emacspeak | Emacspeak_inc | 26.0 (including) | 26.0 (including) |
Emacspeak | Emacspeak_inc | 28.0 (including) | 28.0 (including) |
Emacspeak | Ubuntu | dapper | * |
Emacspeak | Ubuntu | feisty | * |
Emacspeak | Ubuntu | gutsy | * |
Emacspeak | Ubuntu | hardy | * |
Emacspeak | Ubuntu | intrepid | * |
Emacspeak | Ubuntu | upstream | * |