RSS   Vulnerabilities for 'Syncevolution'   RSS

2014-01-27
 
CVE-2014-1639

CWE-59
 

 
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

 

 >>> Vendor: Debian 97 Products
Qpopper
Debian linux
Netkit
Cfingerd
TIN
Horde
Elvis tiny
Sgml-tools
Netstd
Internet message
Mailscanner
Mime-support
FSP
Strongswan
Lintian
Shadow-utils
Debmake
Tetex-bin
Sympa
DPKG
Bsmtpd
Toolchain-source
PPXP
Reportbug
Turba
Apt-cacher
FUSE
TOR
Apt-setup
Backupninja
Kernel-patch-vserver
Libmail-audit-perl
Amaya
Base-config
Apache
GFAX
Debian-goodies
Reprepro
Duplicity
Guilt
UNP
Apt-listchanges
TSS
Aptlinex
Projectl
Honeyd common
Citadel server
Python-dns
Xsabre
FETA
Dpkg-cross
Myspell
Newsgate
Initramfs-tools
Os-prober
LTP
Shadow
Horde imp
Horde groupware
Nss-ldap
APT
Libdbd-pg-perl
Devscripts
Mono-debugger
Tex-common
Apache2
Texlive-extra-utils
Php5-common
Logol
Devotee
Cifs-utils
Trousers
Bsdmainutils
LATD
Txt2man
Adequate
Localepurge
Syncevolution
Axiom
Advanced package tool
Ppthtml
Xbuffy
Dpkg-dev
Kde4libs
Python-imaging
Exuberant ctags
Hivex
Dbd-firebird
Unattended-upgrades
Xbindkeys-config
Ftpsync
Postgresql-common
Devscript
Crossroads
Tmpreaper
Debian-lan-config
PERM


Copyright 2024, cxsecurity.com

 

Back to Top