VULHUB ™

It has been reported that the pxboard script utility shipped with XBoard may be prone to symlink attacks due to insecure temporary file creation. The problem occurs due to the affected script placing a file within the world accessible /tmp directory, and using a predictable naming convention. As a result, an attacker may be capable of placing a symbolic link in the /tmp directory, likely pointing to a critical system file. This will effectively cause the script to carry out an operation on the file pointed to by the link, rather than the expected file.

It has been reported that the pxboard script utility shipped with XBoard may be prone to symlink attacks due to insecure temporary file creation. The problem occurs due to the affected script placing a file within the world accessible /tmp directory, and using a predictable naming convention. As a result, an attacker may be capable of placing a symbolic link in the /tmp directory, likely pointing to a critical system file. This will effectively cause the script to carry out an operation on the file pointed to by the link, rather than the expected file.