VULHUB ™

An insecure temporary file creation vulnerability exists in the implementation of the vi editor included with some versions of SCO OpenServer. The editor creates temporary files in /tmp without checking if the file already exists, using easily predictible names. As a result, it may be possible for a malicious user with local access to a host to cause local files to be overwritten, using a symbolic link attack.

An insecure temporary file creation vulnerability exists in the implementation of the vi editor included with some versions of SCO OpenServer. The editor creates temporary files in /tmp without checking if the file already exists, using easily predictible names. As a result, it may be possible for a malicious user with local access to a host to cause local files to be overwritten, using a symbolic link attack.