Lucene search

[email protected]NVD:CVE-2008-4085

HistorySep 15, 2008 - 5:12 p.m.

CVE-2008-4085

2008-09-1517:12:51

CWE-59

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.

Affected configurations

NVD

Node

stephenjungelsplaitRange≤1.5.2

stephenjungelsplaitMatch0.50

stephenjungelsplaitMatch0.51

stephenjungelsplaitMatch0.52

stephenjungelsplaitMatch0.53

stephenjungelsplaitMatch0.54

stephenjungelsplaitMatch0.55

stephenjungelsplaitMatch0.55.1

stephenjungelsplaitMatch0.55.2

stephenjungelsplaitMatch0.99

stephenjungelsplaitMatch1.0

stephenjungelsplaitMatch1.1

stephenjungelsplaitMatch1.1.1

stephenjungelsplaitMatch1.2.1

stephenjungelsplaitMatch1.3

stephenjungelsplaitMatch1.4

stephenjungelsplaitMatch1.4.1

stephenjungelsplaitMatch1.4.2

stephenjungelsplaitMatch1.5

stephenjungelsplaitMatch1.5.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=496381

dev.gentoo.org/~rbu/security/debiantemp/plait

secunia.com/advisories/31617

sourceforge.net/project/shownotes.php?group_id=147849&release_id=623154

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30928

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/44786

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2008-4085

ubuntucve1 cvelist1 cve1 prion1 debiancve1