Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
S-PLUS For Unix以不安全方式创建临时文件漏洞
Vulnerability Description
S-PLUS是一款统计分析、绘图和编程工具。 S-PLUS多此建立临时文件不安全,本地攻击者可以利用这个漏洞通过符号链接进行攻击,造成本地拒绝服务或权限提升。 S-PLUS多个脚本和二进制程序在运行时会建立的临时文件使用可猜测文件名,并且没有对文件是否存在进行正确检查,如: splus/6.0/cmd/Sqpe Clobbers /tmp/__F$$: open("/tmp/__F8499", O_RDWR|O_CREAT|O_TRUNC, 0666) = 3 splus/6.0/cmd/PRINT Cl
CVSS Information
N/A
Vulnerability Type
N/A