Vulnerability discovered by Eric Romang the 2005-05-27
Vendor notified the 2005-06-06
Vulnerability disclosure the 2005-07-04
Affected version(s) :
keg before or equal to 2005-06-05 22:03
Eksperymentalny Klient Gadu-Gadu (EKG) contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity.