CVE-2008-1078

General

Score: 7.2/10.0
Severity: Medium
Category: Path Manipulation
Exploit: Available

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Local
Access Complexity: Low
Authentication: None

Published on 29/02/08 - Updated on 10/01/09

Description

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

Category: Path Manipulation

CWE-59 (Link Following)
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Security Notices

US National Vulnerability Database: CVE-2008-1078

Exploits

SecurityFocus: BID-28044

Related technologies

Vendor: gentoo, Product: linux
Vendor: rpath, Product: rpath_linux
