CVE-2008-4997

Name of the Vulnerable Software and Affected Versions datafreedom-perl version 0.1.7

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. The vendor disputes this, stating that the vector is solely an example used in the manpage.

Recommendations For datafreedom-perl version 0.1.7, consider restricting access to the /tmp/zenity temporary file to prevent a symlink attack. As a temporary workaround, avoid using the dfxml-invoice functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.