Dan Mueth ScrollKeeper Tempfile Symbolic Link Vulnerability

Dan Mueth ScrollKeeper is a documentation cataloging system that acts as a middle layer between applications and help browsers.

When ScrollKeeper-aware browsers make a call to get a category tree, the list is passed through tempfiles with the permissions of the current user. ScrollKeeper will follow symbolic links when creating these files, potentially allowing an attacker to overwrite files with the permissions of the current user.
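
The difference between link-following and exclusive tempfile creation, as an added example that is not ScrollKeeper's code: it plants a symlink inside a private sandbox directory and opens the same path both ways. The directory and file names are hypothetical, since the advisory does not say how ScrollKeeper names its tempfiles.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Link-following creation (the behaviour the advisory describes):
   open() follows a link already at `path` and O_TRUNC empties its target. */
static int open_following_links(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: O_EXCL makes open() fail if anything, a symlink included,
   already exists at `path`; O_NOFOLLOW is a second guard. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Bit 0: the link-following open emptied the link target.
   Bit 1: the exclusive open refused and the target kept its 10 bytes. */
int run_demo(void) {
    char dir[] = "/tmp/sk-demo-XXXXXX";   /* constructed sandbox directory */
    char target[64], tmp[64];
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/list.tmp", dir);   /* hypothetical name */
    for (int pass = 0; pass < 2; pass++) {
        FILE *f = fopen(target, "w");
        if (!f) return -1;
        fputs("user data\n", f); fclose(f);          /* 10 bytes of content */
        unlink(tmp);
        if (symlink(target, tmp) != 0) return -1;    /* link sits at tmp path */
        int fd = pass == 0 ? open_following_links(tmp) : open_exclusive(tmp);
        int err = errno;
        if (pass == 0 && fd >= 0 && file_size(target) == 0) result |= 1;
        if (pass == 1 && fd < 0 && (err == EEXIST || err == ELOOP)
            && file_size(target) == 10) result |= 2;
        if (fd >= 0) close(fd);
    }
    unlink(tmp); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result = %d\n", run_demo()); return 0; }
```

`mkstemp()` provides the same exclusive-create guarantee and also picks an unpredictable name, which is the usual fix for this class of bug.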


 

Copyright 2010, SecurityFocus