Lucene search

[email protected]CVE-2008-4975

HistoryNov 06, 2008 - 3:55 p.m.

CVE-2008-4975

2008-11-0615:55:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4975

vulnerability

newsgate 1.6

symlink attack

tmp file

nvd

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file.

CPENameOperatorVersion
debian:newsgatedebian newsgateeq1.6

CPE	Name	Operator	Version
debian:newsgate	debian newsgate	eq	1.6

References

bugs.debian.org/496437

dev.gentoo.org/~rbu/security/debiantemp/newsgate

uvw.ru/report.lenny.txt

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30932

bugs.gentoo.org/show_bug.cgi?id=235770

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4975

cvelist1 ubuntucve1 prion1