aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-11-05T14:51:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-11-05T00:00:00
Link: CVE-2008-4938
JSON object: View
NVD Information
Status : Modified
Published: 2008-11-05T15:00:14.853
Modified: 2017-08-08T01:33:00.517
Link: CVE-2008-4938
JSON object: View
Redhat Information
No data.
CWE