Helmut Grohne

**Name of the Vulnerable Software and Affected Versions** heimdal versions 7.7.1 through 7.8.0 **Description** The issue is related to the implementation of the Kerberos5 protocol in heimdal, specifically concerning incorrect validation of message integrity codes. This can allow a remote attacker to cause a logical inversion, resulting in the validation of message integrity codes in gssapi/arcfour to be inverted. **Recommendations** For heimdal versions 7.7.1 through 7.8.0, consider applying the original fix for the issue without the logic inversion, which includes changing memcmp to be constant time and adding "!= 0" comparisons to the result of memcmp. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: git-extras version 1.7.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. This is related to the git-changelog utility in git-extras. Recommendations: For git-extras version 1.7.0, consider restricting access to the git-changelog utility until a patch is available, and avoid using the /tmp/changelog and /tmp/.git-effort files in a way that could be exploited by a symlink attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ace versions prior to 6.2.7+dfsg-2 **Description** The issue allows attackers to gain elevated privileges due to the generation of predictable file names in the /tmp directory by the generate doygen.pl script. **Recommendations** For versions prior to 6.2.7+dfsg-2, update to version 6.2.7+dfsg-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Crossroads version 2.81 **Description** The issue arises from improper handling of the /tmp directory during the build process of xr, allowing a local attacker to create a world-writable subdirectory in a specific location under /tmp. The attacker can then wait for a user process to copy xr into this subdirectory and subsequently replace the contents with a Trojan horse version of xr. **Recommendations** For Crossroads version 2.81, consider restricting access to the /tmp directory to prevent unauthorized modifications, and ensure that user processes copying xr into /tmp use secure and isolated temporary directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kamailio versions prior to 4.3.0 **Description** The issue concerns the kamcmd administrative utility and its default configuration in Kamailio, which utilizes the /tmp/kamailio ctl directory. **Recommendations** For versions prior to 4.3.0, consider updating to version 4.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** kamailio versions prior to 4.2.0-2 **Description** The issue allows local users to gain privileges due to a problem in the kamailio build process. **Recommendations** For versions prior to 4.2.0-2, update to version 4.2.0-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** localepurge versions prior to 0.7.3.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack. This is due to the use of tempfile to create a safe temporary file, but appending a suffix to the original filename and writing to this new filename. **Recommendations** For versions prior to 0.7.3.2, update to version 0.7.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** kamailio version 4.0.1 **Description** The issue is related to an insecure temporary file vulnerability. It also involves an unlimited file upload vulnerability of a dangerous type in the SIP server, which can be exploited by a remote attacker to upload or transfer untrusted files to the `/tmp/kamailio fifo` location. **Recommendations** For kamailio version 4.0.1, consider restricting access to the `/tmp/kamailio fifo` directory to prevent exploitation. Additionally, as a temporary workaround, restrict the ability to upload files to this location until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FusionForge versions 5.0 through 5.2 **Description** The issue allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a symlink or hard link attack on certain files. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out by a local attacker. **Recommendations** For FusionForge versions 5.0 through 5.2, consider restricting access to the affected files, such as contrib/gforge-3.0-cronjobs.patch, cronjobs/homedirs.php, and others, to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** texlive-extra-utils version 2011.20120322 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file when latex2man is used with the H or T option. **Recommendations** For texlive-extra-utils version 2011.20120322, consider avoiding the use of the H or T option with latex2man until a fix is available, or apply any available configuration changes that restrict access to temporary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KDE versions 3.5.5 through 3.5.9 kdelibs versions prior to 4.0 **Description** The issue allows local users to cause a denial of service and possibly execute arbitrary code via user-influenceable input that cause start kdeinit to send SIGUSR1 signals to other processes. Exploitation of the vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For KDE versions 3.5.5 through 3.5.9, consider removing the setuid root bit from start kdeinit to prevent exploitation. For kdelibs versions prior to 4.0, update to version 4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the start kdeinit command to minimize the risk of exploitation.