plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
Software | From | Fixed in |
---|---|---|
stephenjungels / plait | - | 1.5.2.x |
stephenjungels / plait | 0.50 | 0.50.x |
stephenjungels / plait | 0.51 | 0.51.x |
stephenjungels / plait | 0.52 | 0.52.x |
stephenjungels / plait | 0.53 | 0.53.x |
stephenjungels / plait | 0.54 | 0.54.x |
stephenjungels / plait | 0.55 | 0.55.x |
stephenjungels / plait | 0.55.1 | 0.55.1.x |
stephenjungels / plait | 0.55.2 | 0.55.2.x |
stephenjungels / plait | 0.99 | 0.99.x |
stephenjungels / plait | 1.0 | 1.0.x |
stephenjungels / plait | 1.1 | 1.1.x |
stephenjungels / plait | 1.1.1 | 1.1.1.x |
stephenjungels / plait | 1.2.1 | 1.2.1.x |
stephenjungels / plait | 1.3 | 1.3.x |
stephenjungels / plait | 1.4 | 1.4.x |
stephenjungels / plait | 1.4.1 | 1.4.1.x |
stephenjungels / plait | 1.4.2 | 1.4.2.x |
stephenjungels / plait | 1.5 | 1.5.x |
stephenjungels / plait | 1.5.1 | 1.5.1.x |