Launchpad.net

CVE 2008-4407

XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows local users to cause a denial of service (application unavailability) by creating a /tmp/sabre.log file that cannot be overwritten.

Related bugs and status

CVE-2008-4407 (Candidate) is related to these bugs:

Bug #280208: CVE-2008-4407 - Insecure temporary file

Summary				In	Importance	Status
	280208	CVE-2008-4407 - Insecure temporary file		sabre (Ubuntu)	Undecided	Fix Released
	280208	CVE-2008-4407 - Insecure temporary file		sabre (Debian)	Unknown	Fix Released

Bug #283446: [CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack

		In	Importance	Status
283446	[CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack	sabre (Ubuntu)	Undecided	Fix Released
283446	[CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack	sabre (Ubuntu Dapper)	Undecided	Fix Released
283446	[CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack	sabre (Ubuntu Gutsy)	Undecided	Fix Released
283446	[CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack	sabre (Ubuntu Intrepid)	Undecided	Fix Released
283446	[CVE-2008-4406/4407] - Sabre - local users to cause a denial of service andlocal users to delete or overwrite arbitrary files via a symlink attack	sabre (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
OSVDB: 48900