Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-4998

** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."

Related bugs and status

CVE-2008-4998 (Candidate) is related to these bugs:

Bug #261962: tmpfile vunerability

Summary				In	Importance	Status
	261962	tmpfile vunerability		twiki (Ubuntu)	Undecided	Fix Released
	261962	tmpfile vunerability		twiki (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008103...
MISC: http://bugs.debian.org...
MISC: https://bugs.gentoo.or...
MISC: https://bugs.gentoo.or...