[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97389

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2958

Date: (C)2008-07-01   (M)2017-08-08
 
CVSS Score: 4.4Access Vector: LOCAL
Exploitability Subscore: 3.4Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Reference:
SECUNIA-30873
checkinstall-multiple-symlink(43440)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140
http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html

CWE    1
CWE-362

© 2013 SecPod Technologies