CVE-2008-4192 – Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution

https://notcve.org/view.php?id=CVE-2008-4192

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. La función pserver_shutdown en fence_egenera en cman versiones 2.20080629 y 2.20080801, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal /tmp/eglog. • https://www.exploit-db.com/exploits/19295 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410 http://dev.gentoo.org/~rbu/security/debiantemp/cman http://secunia.com/advisories/31887 http://secunia.com/advisories/32387 http://secunia.com/advisories/32390 http://secunia.com/advisories/43362 http://uvw.ru/report.lenny.txt http://www.openwall.com/lists/oss-security/2008/09/18/3 http://www.openwall.com/lists/oss-security/2008/09/24/2 http://www.openwall • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •