NVD

Id
4735  
Name
CVE-2008-4946  
Description
convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-11-05  
Modified Date
2009-07-20  
Seq
2008-4946  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
29605 4735 CVE-2008-4946 http://bugs.debian.org/496419  View
29606 4735 CVE-2008-4946 http://dev.gentoo.org/~rbu/security/debiantemp/convirt  View
29607 4735 CVE-2008-4946 [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
29608 4735 CVE-2008-4946 https://bugs.gentoo.org/show_bug.cgi?id=235770  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48302 JVNDB-2008-003612 convirt における任意のファイルを上書きされる脆弱性 convirt は、image_store/ 配下の以下のスクリプト関連する処理に不備があるため、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4946 35059 CVE-2008-4946 4735 6.9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003612.html 2008-11-05 2012-06-26 View