Lucene search

[email protected]CVE-2008-5374

HistoryDec 08, 2008 - 11:30 p.m.

CVE-2008-5374

2008-12-0823:30:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-5374

bash-doc 3.2

symlink attack

local file overwrite

aliasconv.sh

aliasconv.bash

cshtobash

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

Affected configurations

NVD

Node

matthias_klosebash-docMatch3.2

CPENameOperatorVersion
matthias_klose:bash-docmatthias klose bash-doceq3.2

CPE	Name	Operator	Version
matthias_klose:bash-doc	matthias klose bash-doc	eq	3.2

References

lists.debian.org/debian-devel/2008/08/msg00347.html

secunia.com/advisories/43365

secunia.com/advisories/51086

security.gentoo.org/glsa/glsa-201210-05.xml

uvw.ru/report.sid.txt

www.mandriva.com/security/advisories?name=MDVSA-2010:004

www.redhat.com/support/errata/RHSA-2011-0261.html

www.redhat.com/support/errata/RHSA-2011-1073.html

www.securityfocus.com/bid/32733

www.vupen.com/english/advisories/2011/0414

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-5374

oraclelinux2 nessus10 openvas13 redhat3 prion1 ubuntucve1 centos1 veracode1 cvelist1 nvd1 debiancve1 gentoo1 securityvulns1