CVE-2002-0137

Name of the Vulnerable Software and Affected Versions CDRDAO versions 1.1.4 through 1.1.5

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.

Recommendations For versions 1.1.4 and 1.1.5, consider restricting access to the $HOME/.cdrdao configuration file to prevent symlink attacks until a patch is available.