vendor:
Slackware Linux
by:
SecurityFocus
7.2
CVSS
HIGH
Local File Creation Vulnerability
264
CWE
Product Name: Slackware Linux
Affected Version From: Slackware Linux
Affected Version To: Slackware Linux
Patch Exists: NO
Related CWE: N/A
CPE: o:slackware:slackware_linux
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2001
Slackware Linux Local File Creation Vulnerability
Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager ('man') for cache files. Due to the behaviour of the 'man' program, it may be possible for an attacker to create a malicious cache file causing the execution of arbitrary code when another user views a manual page corresponding to that cache file.
Mitigation:
Restrict access to the /usr/man/man7 directory and ensure that only trusted users have access to the directory.