Stefan Behte

**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire version 3.6.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different API endpoints, including "/logviewer.jsp", "/log.jsp", "/group-summary.jsp", "/user-properties.jsp", "/audit-policy.jsp", "/server-properties.jsp", and "/muc-room-edit-form.jsp". The vulnerable parameters include `log`, `search`, `username`, `logDir`, `maxTotalSize`, `maxFileSize`, `maxDays`, `logTimeout`, `propName`, `roomconfig roomname`, and `roomconfig roomdesc`. This can potentially be leveraged for arbitrary code execution by using the injected script to upload a malicious plugin. **Recommendations** For Ignite Realtime Openfire version 3.6.2, update to a newer version that contains a fix for this issue to prevent arbitrary code execution and cross-site scripting attacks. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "/logviewer.jsp", "/log.jsp", "/group-summary.jsp", "/user-properties.jsp", "/audit-policy.jsp", "/server-properties.jsp", and "/muc-room-edit-form.jsp", and avoid using the vulnerable parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Lazarus version 0.9.24 **Description** The issue allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory. **Recommendations** For Lazarus version 0.9.24, as a temporary workaround, consider restricting access to the create lazarus export tgz.sh script until a patch is available. Avoid using the script to prevent potential symlink attacks on temporary files or directories.

**Name of the Vulnerable Software and Affected Versions** initramfs-tools version 0.92f **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `/tmp/initramfs.debug` temporary file. The vendor disputes this, stating that `init` is used in a single-user context and thus is not exploitable. **Recommendations** For initramfs-tools version 0.92f, consider restricting access to the `/tmp/initramfs.debug` temporary file to prevent potential symlink attacks. As a temporary workaround, avoid using the `init` function in a multi-user context until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lmbench version 3.0-a7 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff temporary file, specifically affecting the rccs and STUFF scripts in lmbench. **Recommendations** For lmbench version 3.0-a7, consider restricting access to the /tmp/sdiff temporary file to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using the rccs and STUFF scripts in lmbench version 3.0-a7 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ogle versions 0.9.2 ogle-mmx version 0.9.2 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files, including /tmp/ogle audio.#####, /tmp/ogle cli.#####, /tmp/ogle ctrl.#####, /tmp/ogle gui.#####, /tmp/ogle mpeg ps.#####, /tmp/ogle mpeg vs.#####, /tmp/ogle nav.#####, and /tmp/ogle vout.#####, related to various debug scripts. **Recommendations** For ogle version 0.9.2, consider restricting access to the temporary files in /tmp to prevent symlink attacks. For ogle-mmx version 0.9.2, consider restricting access to the temporary files in /tmp to prevent symlink attacks. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** freevo version 1.8.1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, including (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats. This is only a problem when a verbose debug mode is activated by modifying the source code. **Recommendations** For freevo version 1.8.1, avoid activating the verbose debug mode by modifying the source code until a fix is available. As a temporary workaround, consider restricting access to the temporary files in /tmp to minimize the risk of exploitation.