[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-4108Date: (C)2008-09-18   (M)2023-12-22


Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1020904
BID-31184
SREASON-4274
ADV-2008-2659
http://marc.info/?l=oss-security&m=122148330903513&w=2
http://marc.info/?l=oss-security&m=122152861617434&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899
https://bugzilla.redhat.com/show_bug.cgi?id=462326
python-movefaqwiz-symlink(45161)

CWE    1
CWE-59

© SecPod Technologies