NVD

Id
4299  
Name
CVE-2008-4476  
Description
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-10-07  
Modified Date
2009-09-08  
Seq
2008-4476  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
27232 4299 CVE-2008-4476 http://bugs.debian.org/496405  View
27233 4299 CVE-2008-4476 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969  View
27234 4299 CVE-2008-4476 http://dev.gentoo.org/~rbu/security/debiantemp/sympa  View
27235 4299 CVE-2008-4476 [debian-devel] 20080812 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages  View
27236 4299 CVE-2008-4476 http://uvw.ru/report.lenny.txt  View
27237 4299 CVE-2008-4476 [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
27238 4299 CVE-2008-4476 30727  View
27239 4299 CVE-2008-4476 sympa-sympa-symlink(44499)  View
27240 4299 CVE-2008-4476 https://bugs.gentoo.org/show_bug.cgi?id=235770  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50978 JVNDB-2008-006288 sympa の sympa.pl における任意のファイルを上書きされる脆弱性 sympa の sympa.pl には、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4476 34589 CVE-2008-4476 4299 6.9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006288.html 2008-10-07 2012-12-20 View