CVE-2008-5743 Information

Description

pdfjam creates the (1) pdf90 (2) pdfjoin and (3) pdfnup files with a predictable name which allows local users to overwrite arbitrary files via a symlink attack.

Reference

http://secunia.com/advisories/33278 http://secunia.com/advisories/34312 http://www.openwall.com/lists/oss-security/2008/12/19/3 http://www.securityfocus.com/bid/32931 https://bugzilla.novell.com/show_bug.cgi?id=459031 https://exchange.xforce.ibmcloud.com/vulnerabilities/47519 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00484.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00488.html