Launchpad.net

CVE 2008-4987

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

Related bugs and status

CVE-2008-4987 (Candidate) is related to these bugs:

Bug #425475: xastir crashed with SIGSEGV in strcmp()

Summary				In	Importance	Status
	425475	xastir crashed with SIGSEGV in strcmp()		xastir (Ubuntu)	Medium	Fix Released

Bug #492867: Included shell script /usr/lib/xastir/get-NWSdata attempts to store downloaded information in /usr/local/share/xastir/Counties instead of the /usr/share/xastir/Counties

Summary				In	Importance	Status
	492867	Included shell script /usr/lib/xastir/get-NWSdata attempts to store downloaded information in /usr/local/share/xastir/Counties instead of the /usr/share/xastir/Counties		xastir (Ubuntu)	Low	Fix Released
	492867	Included shell script /usr/lib/xastir/get-NWSdata attempts to store downloaded information in /usr/local/share/xastir/Counties instead of the /usr/share/xastir/Counties		xastir (Debian)	Unknown	Fix Released

Bug #572620: locks desktop when righclicking on a icon

Summary				In	Importance	Status
	572620	locks desktop when righclicking on a icon		xastir (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-4987

Related bugs and status

Related bugs

References