Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-0525
HistoryJan 31, 2008 - 8:00 p.m.

CVE-2008-0525

2008-01-3120:00:00
CWE-59
[email protected]
web.nvd.nist.gov
4

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0

Percentile

10.1%

JSON

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

Affected configurations

Nvd
Node
unixunix
AND
lumension_securitypatchlink_updateMatch6.2linux
OR
lumension_securitypatchlink_updateMatch6.2mac
OR
lumension_securitypatchlink_updateMatch6.2unix
OR
lumension_securitypatchlink_updateMatch6.3linux
OR
lumension_securitypatchlink_updateMatch6.3mac
OR
lumension_securitypatchlink_updateMatch6.3unix
OR
lumension_securitypatchlink_updateMatch6.4linux
OR
lumension_securitypatchlink_updateMatch6.4mac
OR
lumension_securitypatchlink_updateMatch6.4unix
OR
novellzenworks_patch_management_update_agentMatch6.2linux
OR
novellzenworks_patch_management_update_agentMatch6.2mac
OR
novellzenworks_patch_management_update_agentMatch6.2unix
OR
novellzenworks_patch_management_update_agentMatch6.3linux
OR
novellzenworks_patch_management_update_agentMatch6.3mac
OR
novellzenworks_patch_management_update_agentMatch6.3unix
OR
novellzenworks_patch_management_update_agentMatch6.4linux
OR
novellzenworks_patch_management_update_agentMatch6.4mac
OR
novellzenworks_patch_management_update_agentMatch6.4unix
VendorProductVersionCPE
unixunix*cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*
lumension_securitypatchlink_update6.2cpe:2.3:a:lumension_security:patchlink_update:6.2:*:linux:*:*:*:*:*
lumension_securitypatchlink_update6.2cpe:2.3:a:lumension_security:patchlink_update:6.2:*:mac:*:*:*:*:*
lumension_securitypatchlink_update6.2cpe:2.3:a:lumension_security:patchlink_update:6.2:*:unix:*:*:*:*:*
lumension_securitypatchlink_update6.3cpe:2.3:a:lumension_security:patchlink_update:6.3:*:linux:*:*:*:*:*
lumension_securitypatchlink_update6.3cpe:2.3:a:lumension_security:patchlink_update:6.3:*:mac:*:*:*:*:*
lumension_securitypatchlink_update6.3cpe:2.3:a:lumension_security:patchlink_update:6.3:*:unix:*:*:*:*:*
lumension_securitypatchlink_update6.4cpe:2.3:a:lumension_security:patchlink_update:6.4:*:linux:*:*:*:*:*
lumension_securitypatchlink_update6.4cpe:2.3:a:lumension_security:patchlink_update:6.4:*:mac:*:*:*:*:*
lumension_securitypatchlink_update6.4cpe:2.3:a:lumension_security:patchlink_update:6.4:*:unix:*:*:*:*:*
Rows per page:
1-10 of 191

Related

prion 1
cve 1
cvelist 1
prion
prion
Code injection
2008-01-31 20:00:00
cve
cve
CVE-2008-0525
2008-01-31 20:00:00
cvelist
cvelist
CVE-2008-0525
2008-01-31 19:30:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0

Percentile

10.1%

JSON
Related for NVD:CVE-2008-0525
prion1cve1cvelist1