Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4909 to the following vulnerability: maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496358 http://www.securityfocus.com/bid/30893 http://secunia.com/advisories/32487
The Debian bug report indicates that maps/Info/combine.pl is not used by default and is provided solely as a utility for possible use. However, this bug report is two years old, so I'm filing a Fedora tracker as it has never been addressed.