FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tkdiff -- temporary file symlink privilege escalation

Affected packages
tkdiff < 4.1.1

Details

VuXML ID 93ba13f8-5c41-11db-a5ae-00508d6a62df
Discovery 2005-12-20
Entry 2006-10-15

Javier Fernández-Sanguino Peña reports a vulnerability in tkdiff which allows local users to gain priveleges of the user running tkdiff due to insecure temporary file creation.

References

Bugtraq ID 16064
CVE Name CVE-2005-3343
URL http://secunia.com/advisories/18083
URL http://www.debian.org/security/2005/dsa-927

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.