Lucene search

[email protected]CVE-2008-4957

HistoryNov 05, 2008 - 3:00 p.m.

CVE-2008-4957

2008-11-0515:00:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4957

kitware gcc-xml

gccxml 0.9.0

symlink attack

temporary file

nvd

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.

CPENameOperatorVersion
gccxml:gccxmlgccxmleq0.9.0

CPE	Name	Operator	Version
gccxml:gccxml	gccxml	eq	0.9.0

References

bugs.debian.org/496391

dev.gentoo.org/~rbu/security/debiantemp/gccxml

www.openwall.com/lists/oss-security/2008/10/30/2

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/46408

Social References

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4957

prion1 cvelist1 nessus1 securityvulns2 openvas2 ubuntucve1 seebug1 gentoo1