Dmitry E. Oboukhov

Name of the Vulnerable Software and Affected Versions: sgml2x version 1.0.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files. Recommendations: For sgml2x version 1.0.0, consider restricting access to temporary files to prevent a symlink attack until a patch is available.

**Name of the Vulnerable Software and Affected Versions** bash-doc versions 3.2 bash versions prior to 4.2 p37 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the aliasconv.sh, aliasconv.bash, and cshtobash scripts. Multiple vulnerabilities in the bash package can lead to disruption of confidentiality, integrity, and availability of protected information, and exploitation can be done locally. **Recommendations** For bash-doc version 3.2, consider restricting access to the aliasconv.sh, aliasconv.bash, and cshtobash scripts until a patch is available. For bash versions prior to 4.2 p37, update to version 4.2 p37 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable scripts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ppp version 2.4.4rel **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files. **Recommendations** For ppp version 2.4.4rel, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict access to the temporary files /tmp/probe-finished and /tmp/ppp-errors to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ppp-udeb version 2.4.4rel **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. This is related to the `ip-up` functionality in `ppp-udeb` on Debian GNU/Linux. **Recommendations** For ppp-udeb version 2.4.4rel, consider restricting access to the `ip-up` functionality until a patch is available, or apply configuration changes to prevent symlink attacks on temporary files.

**Name of the Vulnerable Software and Affected Versions** muttprint version 0.72d **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. **Recommendations** For muttprint version 0.72d, consider restricting access to the temporary file /tmp/muttprint.log to prevent a symlink attack until a patch is available.

**Name of the Vulnerable Software and Affected Versions** noip2 version 2.1.7 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. **Recommendations** For noip2 version 2.1.7, consider restricting access to the /tmp/noip2 temporary file to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** pvpgn version 1.8.1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. This is a result of a flaw in the pvpgn-support-installer component of pvpgn. **Recommendations** For pvpgn version 1.8.1, consider restricting access to the temporary file /tmp/pvpgn-support-1.0.tar.gz to prevent a symlink attack until a patch is available. As a temporary workaround, avoid using the pvpgn-support-installer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** screenie version 1.30.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie temporary file. **Recommendations** For version 1.30.0, consider restricting access to the temporary file /tmp/.screenie to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** sdm-terminal version 0.4.0b **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. This is related to the sdm-login component in sdm-terminal. **Recommendations** For version 0.4.0b, consider restricting access to the sdm-login component to minimize the risk of exploitation. As a temporary workaround, avoid using the sdm-login feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** bacula-common version 2.4.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx temporary file. **Recommendations** For bacula-common version 2.4.2, update to a version that fixes the issue, as the current version allows local users to overwrite arbitrary files via a symlink attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cmus version 2.2.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. This is related to the cmus-status-display functionality in cmus. **Recommendations** For cmus version 2.2.0, consider restricting access to the /tmp/cmus-status temporary file to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the cmus-status-display functionality in cmus version 2.2.0.

**Name of the Vulnerable Software and Affected Versions** netdisco-mibs-installer version 1.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file. This is related to the netdisco-mibs-install and netdisco-mibs-download scripts. **Recommendations** For netdisco-mibs-installer version 1.0, consider restricting access to the netdisco-mibs-install and netdisco-mibs-download scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** gpsdrive (aka gpsdrive-scripts) version 2.09 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, related to the geo-code and geo-nearest scripts. This can be achieved by exploiting temporary files such as /tmp/geo#####, /tmp/geocaching.loc, /tmp/geo#####.*, or /tmp/geo.*. **Recommendations** For gpsdrive (aka gpsdrive-scripts) version 2.09, consider restricting access to the geo-code and geo-nearest scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 1.6 through 1.6.8 Moodle versions 1.7 through 1.7.6 Moodle versions 1.8 through 1.8.7 Moodle versions 1.9 through 1.9.3 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `/tmp/spell-check-debug.log`, `/tmp/spell-check-before`, or `/tmp/spell-check-after` temporary file. This is possible due to a flaw in the `spell-check-logic.cgi` component. **Recommendations** For Moodle versions 1.6 through 1.6.8, update to version 1.6.9 or later. For Moodle versions 1.7 through 1.7.6, update to version 1.7.7 or later. For Moodle versions 1.8 through 1.8.7, update to version 1.8.8 or later. For Moodle versions 1.9 through 1.9.3, update to version 1.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** systemimager-server version 3.6.3 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp. **Recommendations** For systemimager-server version 3.6.3, consider restricting access to the `si mkbootserver` function to prevent local users from overwriting arbitrary files until a patch is available. As a temporary workaround, monitor and restrict the creation of symlinks on the mentioned temporary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** tau version 2.16.4 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (1) /tmp/makefile.tau.* or (2) /tmp/makefile.tau*. This is related to the tau cxx, tau f90, and tau cc scripts. **Recommendations** For tau version 2.16.4, consider restricting access to the tau cxx, tau f90, and tau cc scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** p3nfs version 5.19 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. This is related to the bluetooth.rc in p3nfs. **Recommendations** For p3nfs version 5.19, consider restricting access to the bluetooth.rc file to prevent local users from performing a symlink attack on the /tmp/blue.log temporary file. As a temporary workaround, consider monitoring and limiting changes to the /tmp/blue.log file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** os-prober version 1.17 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `/tmp/mounted-map` or `/tmp/raided-map` temporary file. The vendor disputes this issue, stating that the insecure code path should only ever run inside a d-i environment, which has no non-root users. **Recommendations** For os-prober version 1.17, as a temporary workaround, consider restricting access to the `/tmp/mounted-map` and `/tmp/raided-map` temporary files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tkusr version 0.82 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file. **Recommendations** For tkusr version 0.82, consider restricting access to the temporary file /tmp/tkusr.pgm to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tkman version 2.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file. **Recommendations** For tkman version 2.2, consider restricting access to the temporary files /tmp/tkman##### and /tmp/ll to prevent a symlink attack until a patch is available.