Lucene search

[email protected]CVE-2008-4993

HistoryNov 07, 2008 - 7:36 p.m.

CVE-2008-4993

2008-11-0719:36:23

CWE-59

[email protected]

web.nvd.nist.gov

xen

qemu-dm.debug

security vulnerability

symlink attack

nvd

cve-2008-4993

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

Affected configurations

NVD

Node

xenxenMatch3.2.1

CPENameOperatorVersion
xen:xenxeneq3.2.1

CPE	Name	Operator	Version
xen:xen	xen	eq	3.2.1

References

bugs.debian.org/496367

dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1

www.mandriva.com/security/advisories?name=MDVSA-2009:016

www.openwall.com/lists/oss-security/2008/10/30/2

www.redhat.com/support/errata/RHSA-2009-0003.html

bugs.gentoo.org/show_bug.cgi?id=235770

bugs.gentoo.org/show_bug.cgi?id=235805

exchange.xforce.ibmcloud.com/vulnerabilities/46545

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9576

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-4993

veracode1 cvelist1 prion1 nvd1 ubuntucve1 openvas9 nessus5 centos1 oraclelinux1 redhat1