CVE-2008-4996

Name of the Vulnerable Software and Affected Versions initramfs-tools version 0.92f

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. The vendor disputes this, stating that init is used in a single-user context and thus is not exploitable.

Recommendations For initramfs-tools version 0.92f, consider restricting access to the /tmp/initramfs.debug temporary file to prevent potential symlink attacks. As a temporary workaround, avoid using the init function in a multi-user context until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.