VULHUB ™

cstrings creates temporary files in an insecure manner using the tempnam() function, potentially creating an exploitable race condition that could be leveraged by a malicious local user. An attacker could leverage this issue by creating a malicious symbolic link (using the name of the anticipated temporary file) that points to another file that is owned by the user who is expected to run with software. When the software is run, it may perform operations on the file pointed to by the symbolic link instead of the legitimate output file. This could theoretically lead to file corruption, most likely resulting in destruction of data and denial of service.

cstrings creates temporary files in an insecure manner using the tempnam() function, potentially creating an exploitable race condition that could be leveraged by a malicious local user. An attacker could leverage this issue by creating a malicious symbolic link (using the name of the anticipated temporary file) that points to another file that is owned by the user who is expected to run with software. When the software is run, it may perform operations on the file pointed to by the symbolic link instead of the legitimate output file. This could theoretically lead to file corruption, most likely resulting in destruction of data and denial of service.