Lucene search

[email protected]CVE-2008-2389

HistoryJun 06, 2008 - 10:32 p.m.

CVE-2008-2389

2008-06-0622:32:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-2389

opensuse-updater

opensuse 10.2

symlink attack

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.

Affected configurations

NVD

Node

opensuseopensuseMatch10.2

CPENameOperatorVersion
opensuse:opensuseopensuseeq10.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	10.2

References

lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

secunia.com/advisories/30581

www.securityfocus.com/bid/29608

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-2389

cvelist1 prion1 nvd1 seebug1