CVE-2008-4191 Information

Description

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431 http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak http://secunia.com/advisories/31880 http://secunia.com/advisories/32071 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/31241 https://bugs.gentoo.org/show_bug.cgi?id=235770 https://bugzilla.redhat.com/show_bug.cgi?id=460435 https://exchange.xforce.ibmcloud.com/vulnerabilities/45237 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html