Pyro PID Files Symbolic Link Arbitrary File Overwrite VulnerabilityAugust 21, 2018 am31 12:24 am

A vulnerability in Pyro could allow an authenticated, remote attacker to overwrite arbitrary files on a targeted system.

The vulnerability is due to improper handling of process identification (.pid) files in temporary directory locations on an affected system. An attacker could exploit this vulnerability via a symbolic link attack on a targeted system. A successful exploit could allow the attacker to overwrite arbitrary files on the system, which could be used to conduct further attacks.

The vendor has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2011-2765

%d bloggers like this: