ID CVE-2008-4996Type cveReporter cve@mitre.orgModified 2008-11-10T05:00:00
Description
DISPUTED init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable."
{"id": "CVE-2008-4996", "bulletinFamily": "NVD", "title": "CVE-2008-4996", "description": "** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that \"init is [used in] a single-user context; there's no possibility that this is exploitable.\"", "published": "2008-11-07T19:36:00", "modified": "2008-11-10T05:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4996", "reporter": "cve@mitre.org", "references": ["http://dev.gentoo.org/~rbu/security/debiantemp/initramfs-tools", "http://www.openwall.com/lists/oss-security/2008/10/30/2", "https://bugs.gentoo.org/show_bug.cgi?id=235770", "http://bugs.debian.org/496386"], "cvelist": ["CVE-2008-4996"], "type": "cve", "lastseen": "2019-05-29T18:09:29", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "5a232909d51976387fce5ae2c5efde5d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b09198369f68aac8ac47ec4a2461f088"}, {"key": "cpe23", "hash": "cf37e60e90ba3b1867486470c20c5dc3"}, {"key": "cvelist", "hash": "3638f4116eaf2a9ab2c5fc13064071c4"}, {"key": "cvss", "hash": "d5f1840e27443eb2d6a17b941080264e"}, {"key": "cvss2", "hash": "a557fbdf660140e37cd35160225900d3"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "2a87bf2fa2cb51a1a47df63521cfcaff"}, {"key": "href", "hash": "85bb7c25511904f86eaea7c00fe5a389"}, {"key": "modified", "hash": "e34ed125e056963bb805394bc55eae34"}, {"key": "published", "hash": "e284dffadb0218512d2337d924fed3d3"}, {"key": "references", "hash": "e905e681f5781e8c7c881619ee45addb"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "29ab4e8e91009dca8c5d55b8cf8d0822"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e22e6fee34e3c640bd1f4f5c7466a18016d18bfb18f9678cf1ffeeb62bc2b3d1", "viewCount": 0, "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:09:29"}, "dependencies": {"references": [], "modified": "2019-05-29T18:09:29"}, "vulnersScore": 5.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:debian:initramfs-tools:0.92f"], "affectedSoftware": [{"name": "debian initramfs-tools", "operator": "eq", "version": "0.92f"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:debian:initramfs-tools:0.92f:*:*:*:*:*:*:*"], "cwe": ["CWE-59"]}
{}
