Launchpad.net

CVE 2008-5146

add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

See the CVE page on Mitre.org for more details.