CVE-2008-5135

Name of the Vulnerable Software and Affected Versions os-prober version 1.17

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/mounted-map or /tmp/raided-map temporary file. The vendor disputes this issue, stating that the insecure code path should only ever run inside a d-i environment, which has no non-root users.

Recommendations For os-prober version 1.17, as a temporary workaround, consider restricting access to the /tmp/mounted-map and /tmp/raided-map temporary files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.