CPlay Insecure Temporary File Handling Symbolic Link Vulnerability

info
discussion
exploit
solution
references

CPlay Insecure Temporary File Handling Symbolic Link Vulnerability

It is reported that cplay is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name. The cplay utility will write to this file before verifying its existence; this would facilitate a symbolic link attack.