scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/.#####, (e) /tmp/.#####.res, (f) /tmp/.#####.err, and (g) /tmp/.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Scilab-bin | Scilab | 4.1.2 (including) | 4.1.2 (including) |
Scilab | Ubuntu | dapper | * |
Scilab | Ubuntu | gutsy | * |
Scilab | Ubuntu | hardy | * |
Scilab | Ubuntu | intrepid | * |
Scilab | Ubuntu | upstream | * |