CVE-2005-3785

Name of the Vulnerable Software and Affected Versions Ebuild IndeX (eix) versions prior to 0.5.0 pre2

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. This is a second-order symlink vulnerability in eix-sync.in.

Recommendations For versions prior to 0.5.0 pre2, update to version 0.5.0 pre2 or later to resolve the issue. As a temporary workaround, consider restricting access to the diff-eix program and the exi.X.sync temporary file to minimize the risk of exploitation.