WmFrog Insecure Temporary File Creation Vulnerability
TITLE: WmFrog Insecure Temporary File Creation Vulnerability
CLASS: Race Condition Error
CVE:
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 18 2007 12:00AM
UPDATE: Jun 18 2007 12:00AM
CREDIT: The vendor reported this issue.
VULNERABLE:
wmFrog Weather Monitor 0.1.6NOT VULNERABLE:
wmFrog Weather Monitor 0.2
Vai alla pagina originale su Security Focus
Discussion
The WmFrog application creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
An attacker may leverage this issue to corrupt or overwrite arbitrary files with the privileges of an unsuspecting user that activated the affected application. It has been reported that this issue can be exploited to escalate privileges.
WmFrog versions prior to 0.2.0 are vulnerable to this issue.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
Solution
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- Changes Version 0.2.0 (WmFrog)
- wmFrog Home Page (wmFrog)