CVE-2005-2240

Name of the Vulnerable Software and Affected Versions: xpvm version 1.2.5

Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. This is related to the xpvm.tcl file in xpvm.

Recommendations: For xpvm version 1.2.5, consider restricting access to the xpvm.tcl file to prevent local users from exploiting the symlink attack vulnerability on the xpvm.trace.$user temporary file. As a temporary workaround, avoid using the xpvm.tcl file until a patch is available.