CVE-2008-4972

CVE-2008-4972 concerns mailgo in mgt 2.31. The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file, indicating a file- overwrite vulnerability stemming from improper handling of temporary files. The CVSS data (NVD) describe a Local attac...

CVE-2008-4970

CVE-2008-4970 affects the Lustre file system: the runiozone component on Lustre 1.6.5 allows a local user to overwrite arbitrary files through a symlink race against the temporary file /tmp/iozone.log. The underlying issue is a local-file overwrite via a symlink attack. Exploitation is local and ...

CVE-2008-4968

The CVE-2008-4968 entry concerns lmbench (version 3.0-a7) where the rccs and STUFF scripts insecurely handle /tmp/sdiff.##### temporary files, enabling local attackers to perform symlink attacks and overwrite arbitrary files with the invoking user’s privileges. Documentation consistently cites lo...

CVE-2008-4965

The CVE-2008-4965 entry affects liguidsoap 0.3.8.1+2 where a local user can overwrite arbitrary files via a symlink attack against temporary files (/tmp/liguidsoap.liq, /tmp/lig.#####.log, /tmp/emission.ogg). The root cause is insecure temporary file handling that permits symlink manipulation, en...

CVE-2008-4987

Xastir 1.9.2 is vulnerable to a local privilege issue: a symlink attack can overwrite arbitrary files via /tmp/ldconfig.tmp, /tmp/ldconf.tmp, and /tmp/ld.so.conf, related to the get-maptools.sh and get_shapelib.sh scripts. CVSS 2.0 base score 6.9 (LOCAL, MEDIUM). Fedora advisories FEDORA-2008-726...

CVE-2008-4986

CVE-2008-4986 affects wims 3.62, enabling local users to overwrite arbitrary files via a symlink attack targeting temporary files: /tmp/env#####, /tmp/sed#####, and /tmp/referer-home.log. The issue is related to the coqweb and account.sh scripts. The connected records reiterate the same vulnerabi...

CVE-2008-4974

CVE-2008-4974 affects rrdedit in netmrg 0.20. The issue allows a local attacker to overwrite arbitrary files via a symlink attack on temporary files under /tmp (*/.xml and */.backup). Root cause is a local-file write vulnerability tied to symlink handling in rrdedit, enabling manipulation of file...

CVE-2008-4987

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the a /tmp/ldconfig.tmp, b /tmp/ldconf.tmp, and c /tmp/ld.so.conf temporary files, related to the 1 get-maptools.sh and 2 getshapelib.sh scripts...

CVE-2008-4985

vdrleaktest in Video Disk Recorder aka vdr-dbg or vdr 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file...

CVE-2008-4956

fwbinstall in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent. temporary file...

CVE-2008-4959

geo-code in gpsdrive-scripts 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/geo.google, 2 /tmp/geo.yahoo, 3 /tmp/geo.coords, and 4 /tmp/geo.coords temporary files...

CVE-2008-4953

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/.firehol-tmp--- and 2 /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824PID-RANGE symlinks...

CVE-2008-4954

mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file...

CVE-2008-4956

fwbinstall in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent. temporary file...

CVE-2008-4950

gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...

CVE-2008-4953

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/.firehol-tmp--- and 2 /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824PID-RANGE symlinks...

CVE-2008-4947

dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file...

CVE-2008-4943

bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the a /tmp/error.txt, b /tmp/errores.txt, and possibly other temporary files, related to the 1 creabulmafact, 2 creabulmacont, and possibly 3 actualizabulmacont, 4 installbulmages-db, and 5...

CVE-2008-4932

webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web...

CVE-2008-4937

senddoc in OpenOffice.org OOo 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr. temporary file...