Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AllCommerce 符号链接漏洞
Vulnerability Description
CVE(CAN) ID: CVE-2001-1146 AllCommerce是EnGarde Secure Linux附带的一款免费,开放源代码的电子商务软件。 其缺省为打开调试模式,但是在调试模式下,AllCommerce会在/tmp目录下创建不安全 的临时文件.由于没有检查目标文件是否存在,而且临时文件名是可以预知的,因此容易受 到符号链接攻击。 攻击者利用这个漏洞,可能造成文件破坏,数据丢失,拒绝服务,或者是提升权限,但 是攻击者必须在本地利用这个漏洞。
CVSS Information
N/A
Vulnerability Type
N/A