NVD

Id
4297  
Name
CVE-2008-4474  
Description
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-10-07  
Modified Date
2009-02-06  
Seq
2008-4474  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
27217 4297 CVE-2008-4474 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389  View
27218 4297 CVE-2008-4474 http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin  View
27219 4297 CVE-2008-4474 [debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages  View
27220 4297 CVE-2008-4474 SUSE-SR:2008:028  View
27221 4297 CVE-2008-4474 http://uvw.ru/report.lenny.txt  View
27222 4297 CVE-2008-4474 [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
27223 4297 CVE-2008-4474 30901  View
27224 4297 CVE-2008-4474 https://bugs.gentoo.org/show_bug.cgi?id=235770  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48202 JVNDB-2008-003512 freeradius の freeradius-dialupadmin における任意のファイルを上書きされる脆弱性 freeradius の freeradius-dialupadmin には、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4474 34587 CVE-2008-4474 4297 7.2 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003512.html 2008-10-07 2012-06-26 View