ID CVE-2008-5137 Type cve Reporter NVD Modified 2009-02-17T01:53:56
Description
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
{"assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "type": "cve", "viewCount": 0, "bulletinFamily": "NVD", "scanner": [], "edition": 1, "cvelist": ["CVE-2008-5137"], "published": "2008-11-18T11:00:01", "objectVersion": "1.2", "history": [], "title": "CVE-2008-5137", "reporter": "NVD", "hash": "7ae4ee72d307ab5bd8738759055fbc5a7baf1d5852f47d51d13ff466868cef39", "lastseen": "2016-09-03T11:19:46", "id": "CVE-2008-5137", "description": "tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.", "modified": "2009-02-17T01:53:56", "references": ["http://www.securityfocus.com/bid/32407", "http://lists.debian.org/debian-devel/2008/08/msg00285.html"], "cpe": ["cpe:/a:tkman:tkman:2.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5137", "enchantments": {"vulnersScore": 2.1}}
{"result": {"nessus": [{"id": "GENTOO_GLSA-200909-07.NASL", "type": "nessus", "title": "GLSA-200909-07 : TkMan: Insecure temporary file usage", "description": "The remote host is affected by the vulnerability described in GLSA-200909-07 (TkMan: Insecure temporary file usage)\n\n Dmitry E. Oboukhov reported that TkMan does not handle the '/tmp/tkman#####' and '/tmp/ll' temporary files securely.\n Impact :\n\n A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-09-10T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40915", "cvelist": ["CVE-2008-5137"], "lastseen": "2017-10-29T13:42:05"}], "gentoo": [{"id": "GLSA-200909-07", "type": "gentoo", "title": "TkMan: Insecure temporary file usage", "description": "### Background\n\nTkMan is a graphical, hypertext manual page and Texinfo browser for UNIX. \n\n### Description\n\nDmitry E. Oboukhov reported that TkMan does not handle the \"/tmp/tkman#####\" and \"/tmp/ll\" temporary files securely. \n\n### Impact\n\nA local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll TkMan users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/tkman-2.2-r1\"", "published": "2009-09-09T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200909-07", "cvelist": ["CVE-2008-5137"], "lastseen": "2016-09-06T19:46:34"}], "openvas": [{"id": "OPENVAS:136141256231064876", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200909-07 (tkman)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200909-07.", "published": "2009-09-15T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064876", "cvelist": ["CVE-2008-5137"], "lastseen": "2018-04-06T11:40:10"}, {"id": "OPENVAS:64876", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200909-07 (tkman)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200909-07.", "published": "2009-09-15T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64876", "cvelist": ["CVE-2008-5137"], "lastseen": "2017-07-24T12:57:04"}]}}
