CVE-2008-4969

Name of the Vulnerable Software and Affected Versions ltp-network-test version 20060918

Description The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files, including /tmp/vsftpd.conf, /tmp/udp/2/, /tmp/tcp/2/, /tmp/udp/3/, /tmp/tcp/3/, /tmp/nfs fsstress.udp.2.log, /tmp/nfs fsstress.udp.3.log, /tmp/nfs fsstress.tcp.2.log, /tmp/nfs fsstress.tcp.3.log, and /tmp/nfs fsstress.sardata. This is related to the ftp setup vsftp conf and nfs fsstress.sh scripts.

Recommendations As a temporary workaround, consider restricting access to the temporary files in /tmp to minimize the risk of exploitation. Avoid using the ftp setup vsftp conf and nfs fsstress.sh scripts until the issue is resolved. Restrict write access to the affected temporary files to prevent arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.