PT-2008-5411 · Python+1 · Python+2

Jan Lieskovsky · Published 2008-09-18 · Updated 2017-08-08 · CVE-2008-4108

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5

Description

The issue allows local users to potentially overwrite arbitrary files via a symlink attack on a temporary file named tmp$RANDOM.tmp. It is noted that there may not be common usage scenarios where tmp$RANDOM.tmp is located in an untrusted directory.

Recommendations

For move-faqwiz.sh in Python 2.4.5, consider restricting access to the tmp directory to prevent symlink attacks on the tmp$RANDOM.tmp temporary file until a more permanent solution is available.
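
The shell functions below are an added example, not code from move-faqwiz.sh or the Python project. They show the directory check the recommendation implies and two ways to create a scratch file without following an existing symlink. All function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; NOT code from move-faqwiz.sh. Function names are hypothetical.

# Succeeds (0) when group or others can write to directory $1, meaning another
# local user could pre-create a guessable name such as tmp<N>.tmp as a symlink.
dir_is_untrusted() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        d????w????|d???????w?) return 0 ;;   # group-writable or other-writable
        d?????????) return 1 ;;              # only the owner can write
    esac
    return 0                                 # not a directory or unreadable: distrust
}

# Hardened replacement for "tmp$RANDOM.tmp": mktemp picks an unpredictable name
# and creates the file exclusively with mode 0600, so an existing symlink is
# never followed. Prints the path of the new file.
make_scratch() {
    mktemp "$1/tmp.XXXXXXXXXX"
}

# If a fixed name must be used, create it with noclobber (set -C): the shell
# refuses to write when the name already exists, including as a symlink,
# and returns non-zero instead of writing through the link.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Wrapper a script could call before doing any work in directory $1.
scratch_in() {
    if dir_is_untrusted "$1"; then
        echo "refusing: $1 is writable by other users" >&2
        return 1
    fi
    make_scratch "$1"
}
```

Note that a sticky-bit directory such as /tmp is still reported as untrusted by dir_is_untrusted, because the sticky bit restricts deletion, not creation; make_scratch alone is the appropriate call there.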

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2008-4108

Affected Products

Debian
Python
Move-Faqwiz.Sh