Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Deliver | Chip_salzenberg | 2.1.14 (including) | 2.1.14 (including) |
Deliver | Ubuntu | dapper | * |