ID CVE-2008-4908
Type cve
Reporter cve@mitre.org
Modified 2017-08-08T01:32:00
Description
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
{"id": "CVE-2008-4908", "bulletinFamily": "NVD", "title": "CVE-2008-4908", "description": "maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.", "published": "2008-11-04T00:57:00", "modified": "2017-08-08T01:32:00", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4908", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/44841", "http://www.securityfocus.com/bid/30893", "http://secunia.com/advisories/32487", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496358"], "cvelist": ["CVE-2008-4908"], "type": "cve", "lastseen": "2020-10-03T11:51:03", "edition": 3, "viewCount": 5, "enchantments": {"dependencies": {"references": [], "modified": "2020-10-03T11:51:03", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-10-03T11:51:03", "rev": 2}, "vulnersScore": 4.9}, "cpe": ["cpe:/a:crossfire:crossfire:1.11.0"], "affectedSoftware": [{"cpeName": "crossfire:crossfire", "name": "crossfire", "operator": "eq", "version": "1.11.0"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:crossfire:crossfire:1.11.0:*:*:*:*:*:*:*"], "cwe": ["CWE-59"], "scheme": null, "affectedConfiguration": [{"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "*"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:crossfire:crossfire:1.11.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{}
