CVE-2008-4987

Name of the Vulnerable Software and Affected Versions xastir version 1.9.2

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically /tmp/ldconfig.tmp, /tmp/ldconf.tmp, and /tmp/ld.so.conf, related to the get-maptools.sh and get shapelib.sh scripts.

Recommendations For xastir version 1.9.2, consider restricting access to the get-maptools.sh and get shapelib.sh scripts until a patch is available, and avoid using these scripts in environments where local users could exploit this issue. As a temporary workaround, consider implementing additional file system permissions to limit the ability of local users to create symlinks to sensitive files.