CVE-2008-4943 Information

Description

bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt (b) /tmp/errores.txt and possibly other temporary files related to the (1) creabulmafact (2) creabulmacont and possibly (3) actualizabulmacont (4) installbulmages-db and (5) actualizabulmafact scripts.

Reference

http://bugs.debian.org/496382 http://dev.gentoo.org/~rbu/security/debiantemp/bulmages-servers http://www.openwall.com/lists/oss-security/2008/10/30/2 https://bugs.gentoo.org/show_bug.cgi?id=235770