Lucene search

[email protected]CVE-2008-5146

HistoryOct 03, 2022 - 4:13 p.m.

CVE-2008-5146

2022-10-0316:13:57

CWE-59

[email protected]

web.nvd.nist.gov

cve

2008

5146

local users

overwrite

arbitrary files

symlink attack

tmp

accession

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

Affected configurations

NVD

Node

erl_wustlctnMatch3.0.6

CPENameOperatorVersion
erl_wustl:ctnerl wustl ctneq3.0.6

CPE	Name	Operator	Version
erl_wustl:ctn	erl wustl ctn	eq	3.0.6

References

lists.debian.org/debian-devel/2008/08/msg00347.html

uvw.ru/report.sid.txt

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-5146

ubuntucve1 prion1 nvd1 cvelist1 debiancve1