CVE-2004-2097

Name of the Vulnerable Software and Affected Versions SuSE Linux version 9.0

Description The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files created by various scripts. These scripts include fvwm-bug, which creates /tmp/fvwm-bug, wm-oldmenu2new, which creates /tmp/wmmenu, x11perfcomp, which creates /tmp/rates, xf86debug, which creates /tmp/xf86debug.1.log, winpopup-send.sh, which creates /tmp/.winpopup-new, and lvmcreate initrd, which creates /tmp/initrd.

Recommendations For SuSE Linux version 9.0, consider restricting access to the temporary files created by these scripts to prevent a symlink attack. As a temporary workaround, consider disabling the execution of these scripts until a patch is available. Restrict access to the /tmp directory to minimize the risk of exploitation.