• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Esearch eupdatedb Symbolic Link Vulnerability

It has been reported that eupdatedb, an esearch utility is affected by a symbolic link vulnerability. This issue is due to a failure of the application to properly handle temporary file creation.

An attacker can leverage this vulnerability to create an arbitrary file with the permissions of an unsuspecting user that has activated the vulnerable utility; facilitating a number of possible attacks.