CVE-2014-1640

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Configurations

Configuration 1 (hide)

cpe:2.3:a:debian:axiom:20100701-1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-01-28 00:55

Updated : 2023-12-10 11:31


NVD link : CVE-2014-1640

Mitre link : CVE-2014-1640

CVE.ORG link : CVE-2014-1640


JSON object : View

Products Affected

debian

  • axiom
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')