CVE-2008-5370

Name of the Vulnerable Software and Affected Versions pvpgn version 1.8.1

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. This is a result of a flaw in the pvpgn-support-installer component of pvpgn.

Recommendations For pvpgn version 1.8.1, consider restricting access to the temporary file /tmp/pvpgn-support-1.0.tar.gz to prevent a symlink attack until a patch is available. As a temporary workaround, avoid using the pvpgn-support-installer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.