CVE-2008-4949

Name of the Vulnerable Software and Affected Versions dist version 3.5

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn#####, related to the patcil and patdiff scripts.

Recommendations For dist version 3.5, consider restricting access to the patcil and patdiff scripts as a temporary workaround until a patch is available. Avoid using the temporary files /tmp/cil#####, /tmp/pdo#####, and /tmp/pdn##### in the affected scripts to minimize the risk of exploitation.