CVE-2010-1438 Information

Description

Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories which (1) allows local users to cause a denial of service (application outage) by creating a file with a pathname that the product expects is available for its own internal use (2) allows local users to overwrite arbitrary files via symlink attacks on certain files in /tmp (3) might allow local users to delete arbitrary files and directories via a symlink attack on a directory under /tmp and (4) might make it easier for local users to obtain sensitive information by reading files in a directory under /tmp related to (a) lib/wafp_pidify.rb (b) utils/generate_wafp_fingerprint.sh (c) utils/online_update.sh and (d) utils/extract_from_db.sh.

Reference

http://code.google.com/p/webapplicationfingerprinter/issues/detail?id=8 http://www.openwall.com/lists/oss-security/2010/04/27/6 http://www.openwall.com/lists/oss-security/2010/04/28/3 http://www.securityfocus.com/bid/39760