Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The script uses temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks when running the update check via the “–hack_the_gibson” parameter. Version 1.4 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86594/secunia-itf.txt
Source: https://packetstormsecurity.com/files/86594/Bournal-Insecure-Temporary-Files.html