Ads ncompress Insecure Temporary File Creation Wednesday, 21 September 2005 Summary "ncompress implement a fast, simple LZW file compression algorithm." ncompress creates a temporary file with a file name that can be easily guessed, this allows local attackers perform on it a symbolic link attack. Credit: The information has been provided by ZATAZ Audits . The original article can be found at: http://www.zataz.net/adviso/ncompress-09052005.txt Details Vulnerable Systems: * ncompress version 4.2.4-r1 and prior ncompress creates temporary files in an insecure manner in the script files of "gzexe.in", "zdiff.in", and "znew.in". An attacker can create a race condition using a symbolic link attack and overwrite arbitrary files on the system with the privileges of the user that executing the scripts. CVE Information: CAN-2004-0970   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.