CVE-2014-0027
https://notcve.org/view.php?id=CVE-2014-0027
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. La función play_wave_from_socket en audio/auserver.c en Flite 1.4 permite a usuarios locales modificar archivos de forma arbitraria a través de un ataque simlink en /tmp/awb.wav. NOTA: Algunos de estos detalles fueron obtenidos de información de terceros. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html http://seclists.org/oss-sec/2014/q1/59 http://www.mandriva.com/security/advisories?name=MDVSA-2014:032 http://www.osvdb.org/101948 http://www.securityfocus.com/bid/64791 https://bugzilla.redhat.com/show_bug.cgi?id=1048678 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •