Lucene search

K
cve[email protected]CVE-2008-5139
HistoryNov 18, 2008 - 4:00 p.m.

CVE-2008-5139

2008-11-1816:00:01
CWE-59
web.nvd.nist.gov
31
updatejail
jailer 0.4
local users
symlink attack
arbitrary files
cve-2008-5139

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.

Affected configurations

NVD
Node
javier_fernandezjailerMatch0.4

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%