migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
{ "urgency": "low" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-3930.json"