VULHUB ™

It is reported that InstallAnywhere is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to an error that allows the application to insecurely create a file with a predictable name in the '/tmp' directory. A successful attack can eventually allow a local attacker to gain super user privileges. Versions 5.0.6 and 5.0.7 are reported vulnerable. Other versions may also be affected by this issue.

It is reported that InstallAnywhere is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to an error that allows the application to insecurely create a file with a predictable name in the '/tmp' directory. A successful attack can eventually allow a local attacker to gain super user privileges. Versions 5.0.6 and 5.0.7 are reported vulnerable. Other versions may also be affected by this issue.