Debian realtimebattle-common Insecure Temporary File Creation Vulnerability

Bugtraq ID:	30967
Class:	Design Error
CVE:	CVE-2008-4981
Remote:	No
Local:	Yes
Published:	Aug 24 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Dmitry E. Oboukhov
Vulnerable:	Debian realtimebattle-common 1.0.8-7
Not Vulnerable:	Debian realtimebattle-common 1.0.8-8

Debian realtimebattle-common Insecure Temporary File Creation Vulnerability

Debian realtimebattle-common creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Debian realtimebattle-common 1.0.8-7 is vulnerable; other versions may also be affected.

Debian realtimebattle-common Insecure Temporary File Creation Vulnerability

An attacker uses readily available commands to exploit these issues.

Debian realtimebattle-common Insecure Temporary File Creation Vulnerability

Solution:
Reportedly, Debian fixes are about to be released. Please see the references for more information.

Debian realtimebattle-common Insecure Temporary File Creation Vulnerability

References:

• #496385 The possibility of attack with the help of symlinks in some Debian packa (Debian)
  
• Package: realtimebattle-common (Debian)