PT-2008-1034 · Unknown · Policyd-Weight

Chris Howells · Published 2008-03-31 · Updated 2017-08-08 · CVE-2008-1570

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

policyd-weight version 0.1.14 beta-16

Description

The issue is a race condition in the create_lockpath function that allows local users to modify or delete arbitrary files. A local user does this by creating the LOCKPATH directory and then modifying it after the symbolic link check. The problem is due to an incomplete fix for a previous issue. Additionally, there are multiple vulnerabilities in the policyd-weight package that a local attacker can exploit to breach the confidentiality, integrity, and availability of protected information.

Recommendations

For policyd-weight version 0.1.14 beta-16, consider disabling the create_lockpath function as a temporary workaround until a patch is available. Restrict access to the LOCKPATH directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
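
A check-then-use sequence on a path name is what leaves the window described above. The following added example (not policyd-weight's own code, which is Perl) shows the race-free pattern in Python: create the directory atomically, pin it with a no-follow descriptor, verify the opened inode, and create lock files relative to that descriptor. The names `open_lock_dir`, `create_lock_file`, `demo` and the file names are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile

class UnsafeLockDir(Exception):
    """The lock directory failed a safety check."""

def open_lock_dir(path):
    """Hypothetical helper: return a descriptor pinned to a verified lock directory."""
    try:
        os.mkdir(path, 0o700)  # atomic: fails if any entry already exists here
    except FileExistsError:
        pass  # pre-existing entry: trusted only if the checks below pass
    try:
        # O_NOFOLLOW refuses a symlink as the final path component.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeLockDir(f"{path}: {exc.strerror}") from exc
    st = os.fstat(fd)  # inspects the opened inode, not the path name
    if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) & 0o022:
        os.close(fd)
        raise UnsafeLockDir(f"{path}: wrong owner or group/world writable")
    return fd

def create_lock_file(dir_fd, name):
    """Create a lock file inside the pinned directory, never through a link."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(name, flags, 0o600, dir_fd=dir_fd)

def demo():
    """Constructed scenario: a clean path, then a pre-planted symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        lock = os.path.join(base, "lock")
        dir_fd = open_lock_dir(lock)
        os.close(create_lock_file(dir_fd, "daemon.lock"))
        os.close(dir_fd)
        results["created"] = os.listdir(lock)
        # A symlink already sits where the lock directory is expected.
        victim = os.path.join(base, "victim")
        os.mkdir(victim)
        planted = os.path.join(base, "planted")
        os.symlink(victim, planted)
        try:
            open_lock_dir(planted)
            results["symlink_refused"] = False
        except UnsafeLockDir:
            results["symlink_refused"] = True
        results["victim_untouched"] = os.listdir(victim) == []
    return results
```

Because every later operation goes through the descriptor, replacing the path with a symlink after the check no longer redirects file creation or deletion. `O_NOFOLLOW` covers only the final path component, so the parent directories still need to be writable by trusted users only.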

Link Following

Race Condition


Weakness Enumeration

Related Identifiers

BDU:2015-02883
CVE-2008-1570
DSA-1531-2

Affected Products

Policyd-Weight