VULHUB ™

Legato NetWorker has been reported prone to a Symbolic link vulnerability. The issue presents itself, because a NetWorker script creates temporary files in an insecure manner. To exploit this issue, a local attacker may create many symbolic links in the "tmp" directory, each of these links will point to an arbitrary file that the attacker wishes to target. When the vulnerable script is invoked, operations that were supposed for the temporary file will be carried out on the file that is linked by the malicious symbolic link.

Legato NetWorker has been reported prone to a Symbolic link vulnerability. The issue presents itself, because a NetWorker script creates temporary files in an insecure manner. To exploit this issue, a local attacker may create many symbolic links in the "tmp" directory, each of these links will point to an arbitrary file that the attacker wishes to target. When the vulnerable script is invoked, operations that were supposed for the temporary file will be carried out on the file that is linked by the malicious symbolic link.