CVE-2009-0032

Name of the Vulnerable Software and Affected Versions CUPS versions on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0, 4.0, and Multi Network Firewall (MNF) 2.0

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

Recommendations For CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0, 4.0, and Multi Network Firewall (MNF) 2.0, consider restricting access to the temporary file /tmp/pdf.log to prevent symlink attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.