CVE-2008-4832
Published Nov 17, 2008
Last updated 7 years ago
Overview
- Description
- rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-59
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rpath:initscripts:8.12-8.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "332AE477-DD2E-4012-9DFD-EC9A2FD5294C"
},
{
"criteria": "cpe:2.3:a:rpath:initscripts:8.56.15-0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6887AA0A-EF95-4723-B059-C098935C60CF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "23EA5FFA-702B-49D1-AF5F-518DE7FA6099"
},
{
"criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "55F9B489-0F83-4812-A2CA-A7607E7BCEAA"
},
{
"criteria": "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2B66383-4124-4579-BC8E-36DBE7ABB543"
},
{
"criteria": "cpe:2.3:o:rpath:linux:2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "48D2FD6E-C9C1-4DF0-9F01-E869FA97B153"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]