Lucene search

[email protected]CVE-2008-4994

HistoryNov 07, 2008 - 7:36 p.m.

CVE-2008-4994

2008-11-0719:36:23

CWE-59

[email protected]

web.nvd.nist.gov

(cve-2008-4994

xmcd

file overwrite

vulnerability

symlink attack)

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.

Affected configurations

NVD

Node

ti_kanxmcdMatch2.6

CPENameOperatorVersion
ti_kan:xmcdti kan xmcdeq2.6

CPE	Name	Operator	Version
ti_kan:xmcd	ti kan xmcd	eq	2.6

References

bugs.debian.org/496416

dev.gentoo.org/~rbu/security/debiantemp/xmcd

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/32288

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/46550

Social References

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-4994

prion1 seebug1 ubuntucve1 cvelist1 nvd1