Lucene search

[email protected]CVE-2008-1570

HistoryMar 31, 2008 - 10:44 p.m.

CVE-2008-1570

2008-03-3122:44:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2008-1570

policyd-weight

race condition

create lockpath

security vulnerability

file modification

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.

Affected configurations

NVD

Node

policyd-weightpolicyd-weightMatch0.1.14_beta-14

CPENameOperatorVersion
policyd-weight:policyd-weightpolicyd-weighteq0.1.14_beta-14

CPE	Name	Operator	Version
policyd-weight:policyd-weight	policyd-weight	eq	0.1.14_beta-14

References

secunia.com/advisories/29738

security.gentoo.org/glsa/glsa-200804-11.xml

www.osvdb.org/43888

bugs.gentoo.org/show_bug.cgi?id=214403

exchange.xforce.ibmcloud.com/vulnerabilities/41570

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-1570

openvas8 cvelist2 debiancve2 nvd2 prion2 ubuntucve2 nessus3 cve1 gentoo1