Package: xpvm Severity: serious Tags: security According to http://secunia.com/advisories/16040:
Eric Romang has reported a vulnerability in xpvm, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the temporary file "/tmp/xpvm.trace.$user" being created insecurely by "src/xpvm.tcl". This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user running the affected application. This is CAN-2005-2240. -- see shy jo
signature.asc
Description: Digital signature
