Lucene search

[email protected]CVE-2008-4908

HistoryNov 04, 2008 - 1:00 a.m.

CVE-2008-4908

2008-11-0401:00:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4908

info

combine.pl

crossfire

crossfire-maps

symlink attack

security vulnerability

6.3 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Affected configurations

NVD

Node

crossfirecrossfireMatch1.11.0

AND

debiandebian_linux

CPENameOperatorVersion
crossfire:crossfirecrossfireeq1.11.0

CPE	Name	Operator	Version
crossfire:crossfire	crossfire	eq	1.11.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=496358

secunia.com/advisories/32487

www.securityfocus.com/bid/30893

exchange.xforce.ibmcloud.com/vulnerabilities/44841

6.3 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4908

cvelist1 nvd1 ubuntucve1 debiancve1 prion1