CVE-2013-3368

N/A Unknown

Published: August 23, 2013 Modified: April 29, 2026

Description

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

Source: cve@mitre.org

Patch

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

Source: cve@mitre.org

Patch

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/53505

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/53522

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2012/dsa-2670

Source: cve@mitre.org

http://www.osvdb.org/93612

Source: cve@mitre.org

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html