CVE-2008-4971

Name of the Vulnerable Software and Affected Versions mafft version 6.240

Description The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files in the /tmp directory, including (1) /tmp/ vf#?????, (2) /tmp/ if#?????, (3) /tmp/ pf#?????, (4) /tmp/ af#?????, (5) /tmp/ rid#?????, (6) /tmp/ res#?????, (7) /tmp/ q#?????, and (8) /tmp/ bf#?????.

Recommendations For version 6.240, consider restricting access to the temporary files in the /tmp directory to minimize the risk of exploitation. As a temporary workaround, avoid using the mafft-homologs feature in mafft until a patch is available.