CVE-2008-5157

Name of the Vulnerable Software and Affected Versions tau version 2.16.4

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically (1) /tmp/makefile.tau.* or (2) /tmp/makefile.tau*. This is related to the tau cxx, tau f90, and tau cc scripts.

Recommendations For tau version 2.16.4, consider restricting access to the tau cxx, tau f90, and tau cc scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.