CVE-2008-0666

Name of the Vulnerable Software and Affected Versions Website META Language (WML) version 2.0.11

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files. This includes the /tmp/pe.tmp.$$ temporary file used by wml contrib/wmg.cgi and temporary files used by wml backend/p3 eperl/eperl sys.c.

Recommendations For version 2.0.11, consider restricting access to the temporary files used by wml contrib/wmg.cgi and wml backend/p3 eperl/eperl sys.c to prevent a symlink attack. As a temporary workaround, consider disabling the use of temporary files in these components until a patch is available.