Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability

Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability

heartbeat creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. When the program attempts to perform an operation on a temporary file, it will instead perform the operation on the file pointed to by the malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.