Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5148
HistoryNov 18, 2008 - 12:00 a.m.

CVE-2008-5148

2008-11-1800:00:00
ubuntu.com
ubuntu.com
7

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%

sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite
arbitrary files via a symlink attack on a /tmp/##### temporary file.

Notes

Author Note
jdstrand per Debian, affected code is in an example script

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%