CVE-2008-4832

Published Nov 17, 2008

Last updated 8 years ago

CVSS info 6.9

Overview

Description: rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rpath:initscripts:8.12-8.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "332AE477-DD2E-4012-9DFD-EC9A2FD5294C"
          },
          {
            "criteria": "cpe:2.3:a:rpath:initscripts:8.56.15-0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6887AA0A-EF95-4723-B059-C098935C60CF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "23EA5FFA-702B-49D1-AF5F-518DE7FA6099"
          },
          {
            "criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "55F9B489-0F83-4812-A2CA-A7607E7BCEAA"
          },
          {
            "criteria": "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2B66383-4124-4579-BC8E-36DBE7ABB543"
          },
          {
            "criteria": "cpe:2.3:o:rpath:linux:2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48D2FD6E-C9C1-4DF0-9F01-E869FA97B153"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References