External Control of File Name or Path
CVE-2005-4536
Summary
The Mail::Audit module (libmail-audit-perl 2.1-5), when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the "[PID]-audit.log" temporary file.
- LOW
- LOCAL
- NONE
- PARTIAL
- NONE
- NONE
CWE-73 - External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
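The weakness in the summary, shown as an added Perl example that is not Mail::Audit's own code: a PID-derived log name opened in append mode next to an exclusive create that refuses a pre-existing path. The function names, the scratch directory and the `important.conf` target are assumptions made for illustration, and the script needs a platform whose Fcntl module provides `O_NOFOLLOW`.

```perl
#!/usr/bin/perl
# Added illustration; not code from Mail::Audit. Function names are hypothetical.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_APPEND O_CREAT O_EXCL O_NOFOLLOW);
use File::Temp qw(tempdir);

# Weak pattern: the name depends only on the PID, and the append-mode open
# follows whatever already sits at that path, including a symlink.
sub open_log_predictable {
    my ($dir) = @_;
    my $path = "$dir/$$-audit.log";
    open(my $fh, '>>', $path) or die "open $path: $!";
    return $fh;
}

# Hardened: O_CREAT|O_EXCL fails if anything (file or symlink) already exists
# at the path, O_NOFOLLOW is a second guard, and 0600 keeps the log private.
sub open_log_exclusive {
    my ($dir) = @_;
    my $path = "$dir/$$-audit.log";
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_NOFOLLOW, 0600)
        or return (undef, "$!");
    return ($fh, undef);
}

sub slurp {
    my ($file) = @_;
    open(my $in, '<', $file) or die "read $file: $!";
    local $/;
    return scalar <$in>;
}

# Constructed scenario in a private scratch directory (assumption: the page
# does not say where the log is created).
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/important.conf";
open(my $t, '>', $target) or die "create $target: $!";
print {$t} "original contents\n";
close $t;
symlink($target, "$dir/$$-audit.log") or die "symlink: $!";

my ($safe_fh, $err) = open_log_exclusive($dir);
print defined $safe_fh ? "exclusive open succeeded\n" : "exclusive open refused: $err\n";

my $weak_fh = open_log_predictable($dir);
print {$weak_fh} "audit entry\n";
close $weak_fh;
print "target after predictable open:\n", slurp($target);
```

The exclusive open reports that the file exists and leaves the target untouched, while the predictable open appends the log entry to the file behind the symlink.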
Advisory Timeline
- Published