CVE-2008-5380

Name of the Vulnerable Software and Affected Versions gpsdrive (aka gpsdrive-scripts) version 2.09

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, related to the geo-code and geo-nearest scripts. This can be achieved by exploiting temporary files such as /tmp/geo#####, /tmp/geocaching.loc, /tmp/geo#####., or /tmp/geo..

Recommendations For gpsdrive (aka gpsdrive-scripts) version 2.09, consider restricting access to the geo-code and geo-nearest scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation.