CVE-2008-5394

Name of the Vulnerable Software and Affected Versions shadow version 4.0.18.1 Debian GNU/Linux (affected versions not specified)

Description The issue allows local users to potentially overwrite arbitrary files via a symlink attack on a temporary file. This could lead to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out by a local attacker.

Recommendations For shadow version 4.0.18.1, consider restricting access to the utmp group to minimize the risk of exploitation. For Debian GNU/Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.