CVE-2008-4998

Name of the Vulnerable Software and Affected Versions twiki version 4.1.2

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. The vendor disputes this issue, stating it is invalid.

Recommendations For twiki version 4.1.2, consider restricting access to the postinst script to minimize the risk of exploitation. As a temporary workaround, monitor the /tmp/twiki temporary file for any suspicious activity until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.