Skip to main content

External Control of File Name or Path

CVE-2005-4536

Severity Low
Score 2.1/10

Summary

Mail::Audit module (libmail-audit-perl 2.1-5), when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the "[PID]-audit.log" temporary file.

  • LOW
  • LOCAL
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

References

Advisory Timeline

  • Published