• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Log4sh Insecure Temporary File Creation Vulnerability

Log4sh creates temporary files in an insecure manner. An attacker will local access could potentially exploit this issue to overwrite files in the context of the application.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. There is also an unconfirmed potential for privilege escalation if the attacker can write custom data in the attack.