FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ekg -- insecure temporary file creation

Affected packages
pl-ekg < 1.6r2,1

Details

VuXML ID: 9a035a56-eff0-11d9-8310-0001020eed82
Discovery: 2005-07-05
Entry: 2005-07-08
Modified: 2005-07-31

Eric Romang reports that ekg creates temporary files in an insecure manner. This can be exploited by an attacker using a symlink attack to overwrite arbitrary files and possibly execute arbitrary commands with the permissions of the user running ekg.

References

Bugtraq ID: 14146
CVE Name: CVE-2005-1916
Message: 42CA2DDB.5030606@zataz.net
URL: http://bugs.gentoo.org/show_bug.cgi?id=94172