Lucene search

[email protected]CVE-2008-4944

HistoryNov 05, 2008 - 3:00 p.m.

CVE-2008-4944

2008-11-0515:00:15

CWE-59

[email protected]

web.nvd.nist.gov

cve

2008

4944

cdcontrol

symlink attack

file overwrite

temporary files

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files.

Affected configurations

NVD

Node

gleydson_mazioli_da_silvacdcontrolMatch1.90

CPENameOperatorVersion
gleydson_mazioli_da_silva:cdcontrolgleydson mazioli da silva cdcontroleq1.90

CPE	Name	Operator	Version
gleydson_mazioli_da_silva:cdcontrol	gleydson mazioli da silva cdcontrol	eq	1.90

References

bugs.debian.org/496438

dev.gentoo.org/~rbu/security/debiantemp/cdcontrol

uvw.ru/report.lenny.txt

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30892

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/44839

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-4944

cvelist1 nvd1 prion1 ubuntucve1