CVE-2005-3341

Name of the Vulnerable Software and Affected Versions dhis-tools-dns versions prior to 5.0

Description The issue affects the dhis-tools-dns package, allowing local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh scripts. This can lead to a violation of protected information integrity. The exploitation can be carried out by a local attacker.

Recommendations For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the register-q.sh and register-p.sh scripts until a patch is available. Avoid using these scripts in sensitive operations until the issue is resolved.