CVE-2008-4477

Name of the Vulnerable Software and Affected Versions mon versions 0.99.2

Description The issue affects the mon package in Debian GNU/Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. It can be exploited by a local attacker. Specifically, the alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

Recommendations For mon version 0.99.2, consider restricting access to the alert.d/test.alert to prevent local users from overwriting arbitrary files until a patch is available. As a temporary workaround, avoid using the test.alert.log temporary file in the affected alert.d/test.alert until the issue is resolved.