FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

f2c -- insecure temporary files

Affected packages
f2c < 20060506

Details

VuXML ID 43cb40b3-c8c2-11da-a672-000e0c2e438a
Discovery 2005-01-27
Entry 2006-04-10
Modified 2006-08-15

Javier Fernández-Sanguino Peña reports two temporary file vulnerability within f2c. The vulnerabilities are caused due to weak temporary file handling. An attacker could create an symbolic link, causing a local user running f2c to overwrite the symlinked file. This could give the attacker elevated privileges.

References

Bugtraq ID 1280
CVE Name CAN-2005-0017