Stefan Nordhausen

Name of the Vulnerable Software and Affected Versions: Net-Acct versions prior to 0.71 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically through the `write list` and `dump curr list` functions. Recommendations: For versions prior to 0.71, update to version 0.71 or later to resolve the issue. As a temporary workaround, consider restricting access to the `write list` and `dump curr list` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SuSE Linux version 7.3Pro **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the .java wrapper temporary file, which is created by SuSEconfig.javarunt in the javarunt package. **Recommendations** For SuSE Linux version 7.3Pro, consider restricting access to the javarunt package to minimize the risk of exploitation. As a temporary workaround, avoid using SuSEconfig.javarunt until a patch is available.

**Name of the Vulnerable Software and Affected Versions** susewm package on SuSE Linux 8.2 Pro **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file, which is created by SuSEconfig.susewm. This could potentially lead to unauthorized access or modification of system files. **Recommendations** For susewm package on SuSE Linux 8.2 Pro, consider restricting access to the SuSEconfig.susewm script until a fix is available, and avoid using the script with elevated privileges to minimize potential damage from a symlink attack.