CVE

Id
35056  
CVE No.
CVE-2008-4939  
Status
Candidate  
Description
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.  
Phase
Assigned (20081105)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
383666 35056 CVE-2008-4939 MLIST:[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
383667 35056 CVE-2008-4939 URL:http://www.openwall.com/lists/oss-security/2008/10/30/2  View
383668 35056 CVE-2008-4939 MISC:http://uvw.ru/report.lenny.txt  View
383669 35056 CVE-2008-4939 CONFIRM:http://bugs.debian.org/496395  View
383670 35056 CVE-2008-4939 CONFIRM:http://dev.gentoo.org/~rbu/security/debiantemp/apertium  View
383671 35056 CVE-2008-4939 CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=235770  View
383672 35056 CVE-2008-4939 BID:30896  View
383673 35056 CVE-2008-4939 URL:http://www.securityfocus.com/bid/30896  View
383674 35056 CVE-2008-4939 XF:apertium-multiple-symlink(44854)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49715 JVNDB-2008-005025 bulmages-servers における任意のファイルを上書きされる脆弱性 bulmages-servers には、以下のスクリプトに関する不備があるため、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4943 35056 6.9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005025.html  View