FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ekg -- insecure temporary file creation

Affected packages
pl-ekg < 1.6r2,1


VuXML ID 9a035a56-eff0-11d9-8310-0001020eed82
Discovery 2005-07-05
Entry 2005-07-08
Modified 2005-07-31

Eric Romang reports that ekg creates temporary files in an insecure manner. This can be exploited by an attacker using a symlink attack to overwrite arbitrary files and possibly execute arbitrary commands with the permissions of the user running ekg.


Bugtraq ID 14146
CVE Name CVE-2005-1916