CVE-2018-17955
15.03.2019, 20:29
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
| Vendor | Product | Version |
|---|---|---|
| opensuse | yast2-multipath | 𝑥 < 4.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-377 - Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attack.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.