CVE-2008-4943

Name of the Vulnerable Software and Affected Versions bulmages-servers version 0.11.1

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, including /tmp/error.txt and /tmp/errores.txt. This is related to several scripts, including creabulmafact, creabulmacont, and possibly others like actualizabulmacont, installbulmages-db, and actualizabulmafact.

Recommendations For bulmages-servers version 0.11.1, consider restricting access to the temporary files /tmp/error.txt and /tmp/errores.txt to prevent a symlink attack until a patch is available. Additionally, review the scripts creabulmafact, creabulmacont, actualizabulmacont, installbulmages-db, and actualizabulmafact for any potential vulnerabilities and restrict their use if necessary.