CVE-2008-4941

Name of the Vulnerable Software and Affected Versions arb-common version 0.0.20071207.1

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, related to the arb fastdnaml and dszmconnect.pl scripts. Specifically, the attack can target the following files: /tmp/arb fdnaml *, /tmp/arb pids *, /tmp/arbdsmz.html, and /tmp/arbdsmz.htm.

Recommendations For arb-common version 0.0.20071207.1, consider restricting access to the temporary files /tmp/arb fdnaml *, /tmp/arb pids *, /tmp/arbdsmz.html, and /tmp/arbdsmz.htm to prevent a symlink attack. Additionally, as a temporary workaround, consider disabling the arb fastdnaml and dszmconnect.pl scripts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.