Robert Buchholz

**Name of the Vulnerable Software and Affected Versions** Prewikka version 0.9.14 **Description** The issue allows local users to obtain the SQL database password due to the world-readable permissions of the prewikka.conf file installed by setup.py. **Recommendations** For Prewikka version 0.9.14, consider changing the permissions of the prewikka.conf file to restrict access and prevent unauthorized users from reading the SQL database password.

**Name of the Vulnerable Software and Affected Versions** dstat versions prior to 0.7.0 **Description** The issue allows local users to gain privileges via a Trojan horse Python module in the current working directory or a certain subdirectory of the current working directory. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally. **Recommendations** For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and monitoring for suspicious activity. Avoid using the vulnerable software until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** printfilters-ppd version 2.13 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. The vendor disputes this issue, stating that the package does not have the possibility of attack with the help of symlinks. **Recommendations** For printfilters-ppd version 2.13, as a temporary workaround, consider restricting access to the /tmp/filter.debug temporary file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** xmcd version 2.6 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file, which is related to the ncsarmt and ncsawrap scripts in xmcd. **Recommendations** For version 2.6, consider restricting access to the ncsarmt and ncsawrap scripts to prevent exploitation until a patch is available. As a temporary workaround, monitor and restrict the creation of symlinks on /tmp/Mosaic.*pid temporary files to minimize the risk of arbitrary file overwrites.

**Name of the Vulnerable Software and Affected Versions** Xen version 3.2.1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. This is related to the qemu-dm.debug functionality. **Recommendations** For Xen version 3.2.1, consider restricting access to the qemu-dm.debug functionality to minimize the risk of exploitation. As a temporary workaround, avoid using the /tmp/args temporary file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** datafreedom-perl version 0.1.7 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `/tmp/zenity` temporary file. The vendor disputes this, stating that the vector is solely an example used in the manpage. **Recommendations** For datafreedom-perl version 0.1.7, consider restricting access to the `/tmp/zenity` temporary file to prevent a symlink attack. As a temporary workaround, avoid using the `dfxml-invoice` functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bk2site version 1.1.9 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file in the redirect.pl script. This is limited to debug mode, which is disabled by default. **Recommendations** For bk2site version 1.1.9, consider disabling debug mode to prevent exploitation of this issue. As a temporary workaround, restrict access to the redirect.pl script and the /tmp/redirect.log file to minimize the risk of arbitrary file overwrites.

**Name of the Vulnerable Software and Affected Versions** wims version 3.62 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log. This is related to the coqweb and account.sh scripts. **Recommendations** For wims version 3.62, as a temporary workaround, consider restricting access to the coqweb and account.sh scripts until a patch is available. Avoid using the temporary files /tmp/env#####, /tmp/sed#####, and /tmp/referer-home.log in the affected scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ltp-network-test version 20060918 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files, including /tmp/vsftpd.conf, /tmp/udp/2/*, /tmp/tcp/2/*, /tmp/udp/3/*, /tmp/tcp/3/*, /tmp/nfs fsstress.udp.2.log, /tmp/nfs fsstress.udp.3.log, /tmp/nfs fsstress.tcp.2.log, /tmp/nfs fsstress.tcp.3.log, and /tmp/nfs fsstress.sardata. This is related to the ftp setup vsftp conf and nfs fsstress.sh scripts. **Recommendations** As a temporary workaround, consider restricting access to the temporary files in /tmp to minimize the risk of exploitation. Avoid using the `ftp setup vsftp conf` and `nfs fsstress.sh` scripts until the issue is resolved. Restrict write access to the affected temporary files to prevent arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** konwert version 1.8 **Description** The issue allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file. This is related to the filters/any-UTF8 in konwert. **Recommendations** For konwert version 1.8, consider restricting access to the temporary files in /tmp to minimize the risk of exploitation. As a temporary workaround, avoid using the filters/any-UTF8 feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** realtimebattle version 1.0.8 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file. **Recommendations** For version 1.0.8, consider restricting access to the /tmp/perl.robot.log file to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** scilab-bin version 4.1.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on various temporary files, including `/tmp/SciLink#####1`, `/tmp/SciLink#####2`, `/tmp/SciLink#####3`, `/tmp/*.#####, /tmp/*.#####.res`, `/tmp/*.#####.err`, and `/tmp/*.#####.diff`. This is related to the `scilink`, `scidoc`, and `scidem` scripts. **Recommendations** For scilab-bin version 4.1.2, consider restricting access to the temporary files in `/tmp` to prevent a symlink attack until a patch is available. As a temporary workaround, avoid using the `scilink`, `scidoc`, and `scidem` scripts that create these temporary files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radiance version 3R9+20080530 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files, including `/tmp/opt.fmt`, `/tmp/out#####.fmt`, `/tmp/tf#####.dat`, `/tmp/gsf#####`, `/tmp/sc#####.sh`, `/tmp/il#####.pic`, `/tmp/tl#####.pic`, `/tmp/ds#####.pic`, `/tmp/tfa#####`, and `/tmp/sed#####`, related to the `optics2rad`, `pdelta`, `dayfact`, and `raddepend` scripts. **Recommendations** For radiance version 3R9+20080530, consider restricting access to the temporary files in `/tmp` to prevent symlink attacks, and avoid using the vulnerable scripts until a patch is available. As a temporary workaround, consider disabling the `optics2rad`, `pdelta`, `dayfact`, and `raddepend` scripts until a fix is provided.

**Name of the Vulnerable Software and Affected Versions** Lustre version 1.6.5 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file. This is related to the runiozone component in Lustre. **Recommendations** For Lustre version 1.6.5, consider restricting access to the /tmp/iozone.log file to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the runiozone component in Lustre version 1.6.5 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** linuxtrade version 3.65 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/bwk, /tmp/zzz, and /tmp/ggg temporary files. This is related to the linuxtrade.bwkvol, linuxtrade.wn, and moneyam.helper scripts. **Recommendations** For linuxtrade version 3.65, consider restricting access to the temporary files /tmp/bwk, /tmp/zzz, and /tmp/ggg to prevent a symlink attack. Additionally, review the scripts linuxtrade.bwkvol, linuxtrade.wn, and moneyam.helper to ensure they handle temporary files securely.

**Name of the Vulnerable Software and Affected Versions** mailgo in mgt version 2.31 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file. **Recommendations** For mailgo in mgt version 2.31, consider restricting access to the temporary files in /tmp to minimize the risk of exploitation. As a temporary workaround, monitor the /tmp directory for suspicious symlink creations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** netmrg version 0.20 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (1) /tmp/*.xml and (2) /tmp/*.backup. **Recommendations** For netmrg version 0.20, consider restricting access to the rrdedit function to minimize the risk of exploitation. As a temporary workaround, avoid using the rrdedit function in netmrg until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** newsgate version 1.6 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file created by mkmailpost in newsgate. **Recommendations** For newsgate version 1.6, consider restricting access to the mkmailpost function to prevent arbitrary file overwrites until a patch is available. As a temporary workaround, monitor and restrict the use of /tmp/mmp##### temporary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** linux-patch-openswan version 2.4.12 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, related to the maysnap and maytest scripts. This can be achieved by exploiting the /tmp/snap##### and /tmp/nightly##### temporary files. **Recommendations** For linux-patch-openswan version 2.4.12, consider restricting access to the maysnap and maytest scripts until a patch is available. As a temporary workaround, avoid using the scripts that create the /tmp/snap##### and /tmp/nightly##### temporary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rccp version 0.9 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp tmp.txt temporary file. This is related to the `delqueueask` function in `rccp`. **Recommendations** For rccp version 0.9, consider restricting access to the `delqueueask` function to prevent exploitation until a patch is available. As a temporary workaround, avoid using the `delqueueask` function in `rccp` to minimize the risk of arbitrary file overwrites.