Lucene search

[email protected]NVD:CVE-2008-2958

HistoryJul 01, 2008 - 10:41 p.m.

CVE-2008-2958

2008-07-0122:41:00

CWE-362

[email protected]

web.nvd.nist.gov

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Affected configurations

Nvd

Node

checkinstallcheckinstallMatch1.6.1

VendorProductVersionCPE
checkinstallcheckinstall1.6.1cpe:2.3:a:checkinstall:checkinstall:1.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkinstall	checkinstall	1.6.1	cpe:2.3:a:checkinstall:checkinstall:1.6.1:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140

lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html

secunia.com/advisories/30873

exchange.xforce.ibmcloud.com/vulnerabilities/43440

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2008-2958

debiancve1 cve1 prion1 ubuntucve1 cvelist1