Timeline :
Vulnerability discovered by Eric Romang the 2005-05-31
Vendor notified the 2005-06-15
Vulnerability disclosure the 2005-09-01
Reference(s) :
Affected version(s) :
silc-server before or equal to 1.0
silc-toolkit before or equal to 0.9.12-r3
Description :
SILC Server and Toolkit contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.