[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2266Date: (C)2008-05-16   (M)2023-12-22


uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-29211
SECUNIA-30171
SECUNIA-31420
GLSA-200808-11
http://www.openwall.com/lists/oss-security/2008/05/14/10
http://www.openwall.com/lists/oss-security/2008/05/30/1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972
uudeview-tempnam-symlink(42407)

CWE    1
CWE-59

© SecPod Technologies