NVD

Id
4738  
Name
CVE-2008-4949  
Description
dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-11-05  
Modified Date
2009-08-26  
Seq
2008-4949  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
29621 4738 CVE-2008-4949 http://bugs.debian.org/496412  View
29622 4738 CVE-2008-4949 http://dev.gentoo.org/~rbu/security/debiantemp/dist  View
29623 4738 CVE-2008-4949 http://uvw.ru/report.lenny.txt  View
29624 4738 CVE-2008-4949 [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire  View
29625 4738 CVE-2008-4949 30908  View
29626 4738 CVE-2008-4949 dist-file-symlink(44818)  View
29627 4738 CVE-2008-4949 https://bugs.gentoo.org/show_bug.cgi?id=235770  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
49718 JVNDB-2008-005028 dist における任意のファイルを上書きされる脆弱性 dist は、(1) patcil および (2) patdiff スクリプトに不備があるため、任意のファイルを上書きされる脆弱性が存在します。 CVE-2008-4949 35062 CVE-2008-4949 4738 6.9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005028.html 2008-08-24 2012-09-25 View