Vulnerability CVE-2008-0665

Vulnerability Name:

CVE-2008-0665 (CCN-40549)

Assigned:

2008-02-04

Published:

2008-02-04

Updated:

2008-09-05

Summary:

wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
3.1 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-59

Vulnerability Consequences:

File Manipulation

References:

Source: CCN
Type: Debian Bug report logs - #463907
Creates tempfiles in a unsafe way

Source: CONFIRM
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907

Source: MITRE
Type: CNA
CVE-2008-0665

Source: SECUNIA
Type: UNKNOWN
28829

Source: CCN
Type: SA28856
Website META Language Insecure Temporary Files

Source: SECUNIA
Type: Vendor Advisory
28856

Source: SECUNIA
Type: UNKNOWN
29353

Source: GENTOO
Type: UNKNOWN
GLSA-200803-23

Source: CCN
Type: Website META Language Web siteFrank Lichtenheld
Website META Language

Source: DEBIAN
Type: UNKNOWN
DSA-1492

Source: DEBIAN
Type: DSA-1492
wml -- insecure temporary files

Source: CCN
Type: GLSA-200803-23
Website META Language: Insecure temporary file usage

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:076

Source: CCN
Type: OSVDB ID: 42888
Website META Language (WML) wml_backend/p1_ipp/ipp.src ipp.$$.tmp Symlink Arbitrary File Overwrite

Source: BID
Type: UNKNOWN
27685

Source: CCN
Type: BID-27685
Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities

Source: XF
Type: UNKNOWN
wml-wmlbackend-symlink(40549)

Vulnerable Configuration:

Configuration 1:

cpe:/a:website_meta_language:website_meta_language:2.0.11:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7892	P	DSA-1492 wml -- insecure temporary files	2014-06-23
oval:org.mitre.oval:def:20163	P	DSA-1492-1 wml	2014-06-23
oval:org.debian:def:1492	V	insecure temporary files	2008-02-10

BACK