CVE-2008-5156

Name of the Vulnerable Software and Affected Versions systemimager-server version 3.6.3

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (1) /tmp/.inetd.conf or (2) /tmp/pxe.conf..tmp.

Recommendations For systemimager-server version 3.6.3, consider restricting access to the si mkbootserver function to prevent local users from overwriting arbitrary files until a patch is available. As a temporary workaround, monitor and restrict the creation of symlinks on the mentioned temporary files to minimize the risk of exploitation.