VULHUB ™

Charities.cron is a gawk script that is intended to run as a daily cron job. Charities.cron creates temporary files insecurely. This condition may be exploited by a local attacker to cause arbitrary files writeable by the cron scheduling daemon process to be written to via symlink attacks. This vulnerability has existed in one form or another through various releases of Charities.cron. Since the most recent version (1.7.0) still uses prediactable temporary filenames, it may be still be possible to exploit this condition.

Charities.cron is a gawk script that is intended to run as a daily cron job. Charities.cron creates temporary files insecurely. This condition may be exploited by a local attacker to cause arbitrary files writeable by the cron scheduling daemon process to be written to via symlink attacks. This vulnerability has existed in one form or another through various releases of Charities.cron. Since the most recent version (1.7.0) still uses prediactable temporary filenames, it may be still be possible to exploit this condition.