Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0730. PoCs published by Thomas Fischbacher.
AI-analyzed exploit summary The exploit leverages a predictable temporary file name in the `zsoelim` utility (part of the man package) to create arbitrary files via symlink manipulation. By pre-creating symlinks in `/tmp` with predictable names, an attacker can trick `zsoelim` into following them and writing to arbitrary locations with the victim's permissions.
Description
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
Exploits (1)
The exploit leverages a predictable temporary file name in the `zsoelim` utility (part of the man package) to create arbitrary files via symlink manipulation. By pre-creating symlinks in `/tmp` with predictable names, an attacker can trick `zsoelim` into following them and writing to arbitrary locations with the victim's permissions.