CVE-2008-4950

Name of the Vulnerable Software and Affected Versions dpkg-cross version 2.3.0

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. The vendor disputes this issue, stating that it only occurs under specific cross-building environments within a chroot.

Recommendations For dpkg-cross version 2.3.0, consider restricting access to the temporary file tmp/gccross2.log to prevent a symlink attack until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.