CVE-2008-4979

2008-11-0615:55:52

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.

OSVersionArchitecturePackageVersionFilename
Debian12allrancid< 2.3.2~a8-2rancid_2.3.2~a8-2_all.deb
Debian11allrancid< 2.3.2~a8-2rancid_2.3.2~a8-2_all.deb
Debian999allrancid< 2.3.2~a8-2rancid_2.3.2~a8-2_all.deb
Debian13allrancid< 2.3.2~a8-2rancid_2.3.2~a8-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	rancid	< 2.3.2~a8-2	rancid_2.3.2~a8-2_all.deb
Debian	11	all	rancid	< 2.3.2~a8-2	rancid_2.3.2~a8-2_all.deb
Debian	999	all	rancid	< 2.3.2~a8-2	rancid_2.3.2~a8-2_all.deb
Debian	13	all	rancid	< 2.3.2~a8-2	rancid_2.3.2~a8-2_all.deb