CVE-2008-4939

Name of the Vulnerable Software and Affected Versions apertium version 3.0.7

Description The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files, including /tmp/#####.lex.cc, /tmp/#####.deformat.l, /tmp/#####.reformat.l, /tmp/#####docxorig, /tmp/#####docxsalida.zip, /tmp/#####xlsxembed, /tmp/#####xlsxorig, and /tmp/#####xslxsalida.zip. This is related to the apertium-gen-deformat, apertium-gen-reformat, and apertium scripts.

Recommendations For apertium version 3.0.7, consider restricting access to the temporary files in /tmp to prevent a symlink attack until a patch is available. As a temporary workaround, avoid using the apertium-gen-deformat, apertium-gen-reformat, and apertium scripts that generate these temporary files. At the moment, there is no information about a newer version that contains a fix for this issue.