Lucene search

[email protected]CVE-2008-4950

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2008-4950

2022-10-0316:14:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4950

dpkg-cross

symlink attack

security vulnerability

nvd

6.2 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script … is called under specific cross-building environments within a chroot.

Affected configurations

NVD

Node

debiandpkg-crossMatch2.3.0

CPENameOperatorVersion
debian:dpkg-crossdebian dpkg-crosseq2.3.0

CPE	Name	Operator	Version
debian:dpkg-cross	debian dpkg-cross	eq	2.3.0

References

bugs.debian.org/496413

dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross

www.openwall.com/lists/oss-security/2008/10/30/2

bugs.gentoo.org/show_bug.cgi?id=235770

6.2 Medium

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4950

nvd1 ubuntucve1 cvelist1 prion1 debiancve1