CVE-2008-4949

UNKNOWN

dist 3

Published Nov 5, 2008

Modified 1 years ago

Details

dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.

References

WEBhttp://bugs.debian.org/496412 WEBhttp://dev.gentoo.org/~rbu/security/debiantemp/dist WEBhttp://uvw.ru/report.lenny.txt WEBhttp://www.openwall.com/lists/oss-security/2008/10/30/2 WEBhttp://www.securityfocus.com/bid/30908 WEBhttps://bugs.gentoo.org/show_bug.cgi?id=235770 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/44818 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2008-4949

CVSS Analysis

CVSS v2.0

6.9

Exploitability

Access Vector

LocalAV:L

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedNov 5, 2008

ModifiedAug 7, 2024

CVE-2008-4949 | Mondoo Vulnerability Intelligence