PT-2010-5336 · Libosdp+1 · Libosdp+1
Leif Nixon · Published 2010-11-22 · Updated 2020-11-05
CVE-2010-4173
CVSS v2.0: 3.3 (Low)
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libsdp versions 1.1.104 and earlier
Description
The default configuration of libsdp.conf in libsdp creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log temporary file.
Recommendations
For versions 1.1.104 and earlier, consider changing the default log file location from /tmp to a more secure directory to prevent local users from overwriting arbitrary files. As a temporary workaround, restrict access to the /tmp directory to minimize the risk of exploitation.
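The following is an added example, not code from libsdp or from this advisory: a C sketch of how a program can open a log file so that neither a symlink nor a hard link planted at the log path is written through. The names `open_log_safely` and `demo` are hypothetical, and the scratch files are constructed for the demonstration. It assumes Linux, where `O_NOFOLLOW` fails with `ELOOP`; because `O_NOFOLLOW` only covers the final path component, the log directory itself should still not be world-writable.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log file for appending. Refuses a symlink as the final path
 * component and any file that is hard-linked, non-regular or not ours.
 * Returns an fd, or -1 with errno set. */
int open_log_safely(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP when path is a symlink */
    /* Inspect the opened object itself, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory: bit 0 = plain file opened,
 * bit 1 = symlink refused, bit 2 = hard link refused. Returns 7 when all hold. */
int demo(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", victim[64], plain[64], sym[64], hard[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(plain, sizeof plain, "%s/plain.log", dir);
    snprintf(sym, sizeof sym, "%s/sym.log", dir);
    snprintf(hard, sizeof hard, "%s/hard.log", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));
    if (symlink(victim, sym) != 0 || link(victim, hard) != 0)
        return -1;
    if ((fd = open_log_safely(plain)) >= 0) { result |= 1; close(fd); }
    if (open_log_safely(sym) < 0 && errno == ELOOP) result |= 2;
    if (open_log_safely(hard) < 0 && errno == EPERM) result |= 4;
    unlink(plain); unlink(sym); unlink(hard); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```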
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Libosdp