VULHUB ™

jmcce is program supporting chinese language input from a wide variety of devices. It includes functionality similar to JMCE and CCE. jmcce creates a log file in the /tmp directory with a predictable name. An attacker may create a symbolic link as this name prior to jmcce executing. As jmcce does not check for the existance of this file, the target of the symbolic link will be overwritten. As jmcce generally runs as the root user, this could lead to arbitrary files on the system being overwritten.

jmcce is program supporting chinese language input from a wide variety of devices. It includes functionality similar to JMCE and CCE. jmcce creates a log file in the /tmp directory with a predictable name. An attacker may create a symbolic link as this name prior to jmcce executing. As jmcce does not check for the existance of this file, the target of the symbolic link will be overwritten. As jmcce generally runs as the root user, this could lead to arbitrary files on the system being overwritten.