Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-5135HistoryNov 18, 2008 - 4:00 p.m.
CVE-2008-5135
2008-11-1816:00:01
Debian Security Bug Tracker
security-tracker.debian.org
52
os-prober 1.17
symlink attack
/tmp/mounted-map
/tmp/raided-map
vendor dispute
d-i environment
non-root users
unix
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
8.8
Confidence
High
EPSS
0
Percentile
5.1%
os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | os-prober | <= 1.81 | os-prober_1.81_all.deb |
| Debian | 11 | all | os-prober | <= 1.79 | os-prober_1.79_all.deb |
| Debian | 999 | all | os-prober | <= 1.83 | os-prober_1.83_all.deb |
| Debian | 13 | all | os-prober | <= 1.83 | os-prober_1.83_all.deb |
Related
cvelist
cvelist
CVE-2008-5135
2008-11-18 15:00:00
ubuntucve
ubuntucve
CVE-2008-5135
2008-11-18 00:00:00
prion
prion
Design/Logic Flaw
2008-11-18 16:00:00
cve
cve
CVE-2008-5135
2008-11-18 16:00:01
nvd
nvd
CVE-2008-5135
2008-11-18 16:00:01
avleonov
avleonov
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
AI Score
8.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for DEBIANCVE:CVE-2008-5135