FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pdfjam -- insecure temporary files

Affected packages
pdfjam < 1.20_4

Details

VuXML ID a02c9595-e018-11dd-a765-0030843d3802
Discovery 2008-12-05
Entry 2009-01-11

Secunia reports:

Some security issues have been reported in PDFjam, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issues are caused due to the "pdf90", "pdfjoin", and "pdfnup" scripts using temporary files in an insecure manner. This can be exploited to overwrite arbitrary files via symlink attacks.

References

CVE Name CVE-2008-5743
URL http://secunia.com/advisories/33278
URL https://bugzilla.novell.com/show_bug.cgi?id=459031