CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in
Python 2.4.5 might allow local users to overwrite arbitrary files via a
symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be
common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted
directory.
Author | Note |
---|---|
mdeslaur | example script only |
jdstrand | shipped in /usr/share/doc/python2.[45]/examples in 8.04 |