Raspberry Pi Firmware Updater Vulnerability
Application:
https://github.com/Hexxeh/rpi-update/
Version Tested:
Github source as of 10ad1e975a (10th Feb commit)
Vulnerability #1:
A malicious user can clobber any file due to insecure tmp file handling.
Example:
Any unprivileged user can create
Product Affected
Updater for McAfee Virusscan Command Line 6.0
This product is available attached to this document:
https://kc.mcafee.com/corporate/index?page=contentid=KB67513
As far as can be determined, there has only ever been one version of this
application.
Background
It is stated by