CVE-2008-3930

Description

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

How to fix CVE-2008-3930

To remediate CVE-2008-3930, upgrade the affected package to a fixed version below.

• Debian/citadel—upgrade to 7.37-3 or later

Is CVE-2008-3930 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.37-3

References (7)

• ADVISORYsecunia.com/advisories/31648
• WEBbugs.debian.org/cgi-bin/bugreport.cgi?bug=496359
• WEBdev.gentoo.org/~rbu/security/debiantemp/citadel-server
• WEBbugs.gentoo.org/show_bug.cgi?id=235770
• WEB