Vulnerability Name: | CVE-2008-4108 (CCN-45161)
Assigned: | 2008-09-14
Published: | 2008-09-14
Updated: | 2017-08-08
Summary: | Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. Note: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
  6.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:UR)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:U/RC:UR)
Vulnerability Type: | CWE-59
Vulnerability Consequences: | File Manipulation
References: |
  Source: CCN Type: Debian Bug report logs - #498899 Unsecure use of temporary file
  Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899
  Source: MITRE Type: CNA CVE-2008-4108
  Source: MLIST Type: UNKNOWN [oss-security] 20080915 CVE Request (python)
  Source: MLIST Type: UNKNOWN [oss-security] 20080916 Re: CVE Request (python)
  Source: SREASON Type: UNKNOWN 4274
  Source: CCN Type: SECTRACK ID: 1020904 Python 'move-faqwiz.sh' Uses Unsafe Temporary Files That Let Local Users Gain Elevated Privileges
  Source: CCN Type: OSVDB ID: 49562 Python Tools/faqwiz/move-faqwiz.sh tmp$RANDOM.tmp File Symlink Arbitrary File Overwrite
  Source: CCN Type: Python Web site Python Programming Language
  Source: BID Type: UNKNOWN 31184
  Source: CCN Type: BID-31184 Python 'move-faqwiz.sh' Insecure Temporary File Creation Vulnerability
  Source: SECTRACK Type: UNKNOWN 1020904
  Source: VUPEN Type: UNKNOWN ADV-2008-2659
  Source: CCN Type: Red Hat Bugzilla Bug 462326 CVE-2008-4108 python: Generic FAQ wizard moving tool insecure auxiliary /tmp file usage (symlink attack possible)
  Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=462326
  Source: XF Type: UNKNOWN python-movefaqwiz-symlink(45161)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: