#VU101797 Insecure temporary file in socat - CVE-2024-54661

 


Published: December 16, 2024


Vulnerability identifier: #VU101797
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-54661
CWE-ID: CWE-377
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: socat
Software vendor: www.dest-unreach.org

Description

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to the use of a predictable temporary file name in readline.sh. A local user can create a symbolic link from the temporary file's path to an arbitrary file on the system, which is then overwritten with the application's output, corrupting the file.
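The weakness class described above (CWE-377), shown as an added shell example beside a hardened form. This is not code from socat or readline.sh; the file name `demo.stderr` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not code from socat. File and function names are constructed.

# Weak pattern: a fixed name in a shared directory. The redirection follows
# whatever already sits at that path, including a symlink another user planted.
write_predictable() {            # $1 = shared directory, $2 = text to write
    printf '%s\n' "$2" >"$1/demo.stderr"
}

# Hardened pattern: mktemp -d creates a new directory with a random suffix and
# mode 0700, so no other user can pre-create or swap entries inside it.
# noclobber (set -C) makes the redirection fail instead of reusing an existing path.
write_private() {                # $1 = shared directory, $2 = text; prints file path
    dir=$(mktemp -d "$1/demo.XXXXXX") || return 1
    ( set -C; printf '%s\n' "$2" >"$dir/stderr" ) || return 1
    printf '%s\n' "$dir/stderr"
}

# Self-check in a throwaway sandbox: a sentinel file stands in for the file
# that must not change, and a symlink occupies the predictable name.
# Prints "weak=<overwritten|intact> hardened=<overwritten|intact>".
selfcheck() {
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    printf 'sentinel\n' >"$box/keep"
    ln -s "$box/keep" "$box/shared/demo.stderr"

    write_predictable "$box/shared" "tool output"
    [ "$(cat "$box/keep")" = "sentinel" ] && weak=intact || weak=overwritten

    printf 'sentinel\n' >"$box/keep"
    out=$(write_private "$box/shared" "tool output") || { rm -rf "$box"; return 1; }
    [ "$(cat "$box/keep")" = "sentinel" ] && hardened=intact || hardened=overwritten

    rm -rf "$box"
    printf 'weak=%s hardened=%s\n' "$weak" "$hardened"
}
```

On Linux, the `fs.protected_symlinks` sysctl adds a second layer of protection in sticky world-writable directories, but a script should not depend on it being enabled.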


Remediation

Install updates from the vendor's website.
