CVE-2013-0265

Name of the Vulnerable Software and Affected Versions xNBD version 0.1.0

Description The issue allows local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. This is due to a problem in the redirect stderr function in xnbd common.c in xnbd-server and xndb-wrapper.

Recommendations For xNBD version 0.1.0, consider restricting access to the /tmp/xnbd.log file to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the redirect stderr function in xnbd common.c to minimize the risk of exploitation.