CVE-2014-5260
xml-dt < 0.64 - Arbitrary File Overwrite via Symlink Attack on Temporary File
Title source: llmDescription
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
https://metacpan.org/source/AMBS/XML-DT-0.66/Changes
Issue Tracking x_refsource_confirm
https://bugs.debian.org/756566
Various Sources x_refsource_confirm
https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/08/15/8
Scores
EPSS
0.0035
EPSS Percentile
26.5%
Details
CWE
CWE-59
Status
published
Products (4)
xml-dt_project/xml-dt
0.60
xml-dt_project/xml-dt
0.61
xml-dt_project/xml-dt
0.62
xml-dt_project/xml-dt
< 0.63
Published
Aug 16, 2014
Tracked Since
Feb 18, 2026