Description
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Affected products
- acme_labs / thttpd2.21b – 2.21b
- acme_labs / thttpd2.23b1 – 2.23b1
References
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-883
- VENDOR_ADVISORYhttp://secunia.com/advisories/17472
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2308
- VENDOR_ADVISORYhttp://secunia.com/advisories/17454
- MISChttp://www.securityfocus.com/bid/15320