Lucene search

[email protected]CVE-2008-4997

HistoryNov 07, 2008 - 7:36 p.m.

CVE-2008-4997

2008-11-0719:36:24

CWE-59

[email protected]

web.nvd.nist.gov

cve

2008

4997

datafreedom-perl

symlink attack

vulnerability

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.

CPENameOperatorVersion
pilot-qof:datafreedom-perlpilot-qof datafreedom-perleq0.1.7

CPE	Name	Operator	Version
pilot-qof:datafreedom-perl	pilot-qof datafreedom-perl	eq	0.1.7

References

bugs.debian.org/496429

dev.gentoo.org/~rbu/security/debiantemp/datafreedom-perl

www.openwall.com/lists/oss-security/2008/10/30/2

bugs.gentoo.org/show_bug.cgi?id=235770

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-4997

prion1 ubuntucve1