Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-5007

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008103...
CONFIRM: http://bugs.debian.org...
CONFIRM: http://dev.gentoo.org/...
CONFIRM: https://bugs.gentoo.or...
CONFIRM: https://bugs.gentoo.or...
MISC: http://uvw.ru/report.l...
BID: 30917
CONFIRM: http://code.google.com...
XF: lazarussrc-createlazar...

Launchpad.net

CVE 2008-5007

Related bugs

References