Lucene search
Ubuntu.comUB:CVE-2008-4108HistorySep 18, 2008 - 12:00 a.m.
CVE-2008-4108
2008-09-1800:00:00
ubuntu.com
ubuntu.com
9
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in
Python 2.4.5 might allow local users to overwrite arbitrary files via a
symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be
common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted
directory.
Notes
| Author | Note |
|---|---|
| mdeslaur | example script only |
| jdstrand | shipped in /usr/share/doc/python2.[45]/examples in 8.04 |
Related
cve
cve
CVE-2008-4108
2008-09-18 17:59:33
nvd
nvd
CVE-2008-4108
2008-09-18 17:59:33
prion
prion
Directory traversal
2008-09-18 17:59:00
debiancve
debiancve
CVE-2008-4108
2008-09-18 17:59:33
cvelist
cvelist
CVE-2008-4108
2008-09-18 17:47:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
Related for UB:CVE-2008-4108