Description
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/09/8
Issue Tracking x_refsource_confirm
http://bugs.debian.org/489988
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44059
Scores
EPSS
0.0035
EPSS Percentile
27.0%
Details
CWE
CWE-59
Status
published
Products (1)
debian/projectl
1.001
Published
Jul 18, 2008
Tracked Since
Feb 18, 2026