FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

heartbeat -- insecure temporary file creation vulnerability

Affected packages
heartbeat < 1.2.4

Details

VuXML ID f6447303-9ec9-11da-b410-000e0c2e438a
Discovery 2005-07-12
Entry 2006-02-16
Modified 2006-04-16

Eric Romang reports a temporary file creation vulnerability within heartbeat. The vulnerability is caused by hardcoded temporary file usage. This can allow an attacker to create an arbitrary symlink, causing the application to overwrite the symlinked file with the permissions of the user executing the application.
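The class of bug described above, shown as an added example (not heartbeat's code and not part of the original advisory): a fixed-name open that follows a pre-existing symlink, next to two hardened alternatives. All function names, the scratch directory and the file names are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fixed name; open() follows a symlink and truncates its target. */
static int open_fixed_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened, same name: O_EXCL fails (EEXIST) if anything, even a symlink, exists. */
static int open_fixed_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it with O_EXCL. */
static int open_unique(const char *prefix) {
    char tmpl[128];
    snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", prefix);
    int fd = mkstemp(tmpl);
    if (fd >= 0) unlink(tmpl);          /* scratch file needs no name after open */
    return fd;
}

/* Constructed scenario in a private scratch directory: a 6-byte "victim" file with a
   symlink to it at the predictable name. Returns the victim's size afterwards, or -1. */
long victim_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], fixed[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/app.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("secret", f); fclose(f);
    if (symlink(victim, fixed) != 0) return -1;
    int fd = opener(fixed);             /* the application "creates its temp file" */
    if (fd >= 0) { if (write(fd, "x", 1) != 1) perror("write"); close(fd); }
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(fixed); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe=%ld excl=%ld mkstemp=%ld\n", victim_size_after(open_fixed_unsafe),
           victim_size_after(open_fixed_excl), victim_size_after(open_unique));
}
```

A victim size of 6 means the file behind the symlink was left untouched; the unsafe opener leaves it at 1 byte because the write went through the link.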

References

CVE Name CAN-2005-2231
URL http://www.zataz.net/adviso/heartbeat-06272005.txt