Lucene search

[email protected]CVE-2008-4983

HistoryNov 06, 2008 - 3:55 p.m.

CVE-2008-4983

2008-11-0615:55:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4983

scilab-bin

local overwrite

vulnerability

symlink attack

nvd

6.2 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, © /tmp/SciLink#####3, (d) /tmp/.#####, (e) /tmp/.#####.res, (f) /tmp/.#####.err, and (g) /tmp/.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.

CPENameOperatorVersion
scilab:scilab-binscilab scilab-bineq4.1.2

CPE	Name	Operator	Version
scilab:scilab-bin	scilab scilab-bin	eq	4.1.2

References

bugs.debian.org/496414

dev.gentoo.org/~rbu/security/debiantemp/scilab-bin

secunia.com/advisories/33630

security.gentoo.org/glsa/glsa-200901-14.xml

uvw.ru/report.lenny.txt

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30968

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/44883

6.2 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2008-4983

securityvulns2 debiancve1 prion1 openvas2 gentoo1 nessus1 ubuntucve1