Title: RVSkin Unspecified Hardlink Arbitrary File Manipulation Local Privilege Escalation
Sep 03, 2013
Sep 02, 2013
RVSkin contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a hardlink attack against any file on the server once logged in via the WHM interface to cause the program to unexpectedly manipulate an arbitrary file and grant elevated privileges to the attacker.
Local Access Required
Loss of Integrity
It has been reported that this issue has been fixed. Upgrade to version 10.84, or higher, to address this vulnerability.