Lucene search

[email protected]CVE-2008-4477

HistoryOct 08, 2008 - 12:00 a.m.

CVE-2008-4477

2008-10-0800:00:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4477

mon 0.99.2

symlink attack

local users

nvd

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

CPENameOperatorVersion
jim_trocki:monjim trocki moneq0.99.2

CPE	Name	Operator	Version
jim_trocki:mon	jim trocki mon	eq	0.99.2

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=496398

dev.gentoo.org/~rbu/security/debiantemp/mon

lists.debian.org/debian-devel/2008/08/msg00312.html

secunia.com/advisories/32183

www.mandriva.com/security/advisories?name=MDVSA-2008:214

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/31597

www.us.debian.org/security/2008/dsa-1648

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/45738

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4477

nessus1 prion1 debiancve1 openvas2 securityvulns2 debian1 osv1 ubuntucve1