An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Link | Tags |
---|---|
https://kb.nomachine.com/TR07U10948 | vendor advisory |
https://kb.nomachine.com/SU07U00247 | release notes |
https://www.ns-echo.com/posts/nomachine_afo.html | exploit |