CVE-2008-4936
Published Nov 5, 2008
Last updated 7 years ago
Overview
- Description
- faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-59
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include patch that resolves this issue.
- MandrivaThis issue was fixed on May 5, 2003 for all Mandriva Linux products.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gert_doering:mgetty:1.1.36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EBE89B2-7BF0-4216-9C6B-5EBA17429406"
}
],
"operator": "OR"
}
]
}
]