CVE-2014-5260

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2014-5260

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-5260.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-5260

Downstream

DEBIAN-CVE-2014-5260

MGASA-2014-0390

Published

2014-08-16T04:39:55Z

Modified

2026-04-16T06:22:39.315200161Z

Summary

[none]

Details

The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/xml##### temporary file.

References

http://openwall.com/lists/oss-security/2014/08/15/8
https://bugs.debian.org/756566
https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/
https://metacpan.org/source/AMBS/XML-DT-0.66/Changes

CVE-2014-5260

Affected packages