CVE-2008-4966

https://notcve.org/view.php?id=CVE-2008-4966

linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts. linux-patch-openswan v2.4.12 permite a usuarios locales sobrescribir ficheros a su elección a través de un ataque de enlace simulado en los ficheros temporales (a) /tmp/snap##### y (b) /tmp/nightly#####, relacionada con la secuencia de comandos (scripts) (1) maysnap y (2) maytest. • http://bugs.debian.org/496376 http://dev.gentoo.org/~rbu/security/debiantemp/linux-patch-openswan http://uvw.ru/report.lenny.txt http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/30918 https://bugs.gentoo.org/show_bug.cgi?id=235770 https://exchange.xforce.ibmcloud.com/vulnerabilities/44823 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •