CVE-2014-5260

The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/xml##### temporary file.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Xml-dt	Xml-dt_project	*	0.63 (including)
Xml-dt	Xml-dt_project	0.60 (including)	0.60 (including)
Xml-dt	Xml-dt_project	0.61 (including)	0.61 (including)
Xml-dt	Xml-dt_project	0.62 (including)	0.62 (including)
Libxml-dt-perl	Ubuntu	artful	*
Libxml-dt-perl	Ubuntu	lucid	*
Libxml-dt-perl	Ubuntu	precise	*
Libxml-dt-perl	Ubuntu	trusty	*
Libxml-dt-perl	Ubuntu	upstream	*
Libxml-dt-perl	Ubuntu	utopic	*
Libxml-dt-perl	Ubuntu	vivid	*
Libxml-dt-perl	Ubuntu	wily	*
Libxml-dt-perl	Ubuntu	yakkety	*
Libxml-dt-perl	Ubuntu	zesty	*

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References

http://openwall.com/lists/oss-security/2014/08/15/8
https://bugs.debian.org/756566
https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/\u0026source=AMBS/XML-DT-0.63/
https://metacpan.org/source/AMBS/XML-DT-0.66/Changes

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-5260
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References