Vulnerability CVE-2008-5138

Vulnerability Name:

CVE-2008-5138 (CCN-46724)

Assigned:

2008-08-11

Published:

2008-08-11

Updated:

2017-08-08

Summary:

passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-59

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2008-5138

Source: CCN
Type: Freshmeat.net Web site
Version 1.0 of pam_mount module

Source: CCN
Type: debian-devel Mailing List, Mon, 11 Aug 2008 17:10:48 +0400
Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

Source: MLIST
Type: UNKNOWN
[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:005

Source: CCN
Type: libpam-mount Web page
Package: libpam-mount

Source: CCN
Type: SA32780
pam_mount "passwdehd" Insecure Temporary Files

Source: SECUNIA
Type: UNKNOWN
32780

Source: CCN
Type: OSVDB ID: 49964
libpam-mount passwdehd Temporary File Symlink Arbitrary File Overwrite

Source: XF
Type: UNKNOWN
libpammount-passwdehd-symlink(46724)

Source: XF
Type: UNKNOWN
libpammount-passwdehd-symlink(46724)

Source: SUSE
Type: SUSE-SR:2009:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:bkleineidam:libpam_mount:0.43:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42416	P	Security update for cifs-utils (Moderate) (in QA)	2022-07-06
oval:org.opensuse.security:def:20085138	V	CVE-2008-5138	2022-06-30
oval:org.opensuse.security:def:42207	P	Security update for kernel-firmware (Important)	2022-03-04
oval:org.opensuse.security:def:112611	P	libcryptmount-devel-2.18-1.7 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26188	P	Security update for gegl (Important)	2021-12-28
oval:org.opensuse.security:def:32251	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:31721	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:32229	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31312	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:31704	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:26152	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:31693	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:106095	P	libcryptmount-devel-2.18-1.7 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:31279	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:32190	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26135	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:31268	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:31267	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:26126	P	Security update for Mesa (Moderate)	2021-09-16
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32972	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:26095	P	Security update for glibc (Moderate)	2021-07-27
oval:org.opensuse.security:def:26082	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36261	P	pam_mount-0.47-13.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42668	P	pam_mount-0.47-13.16.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32933	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:31180	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32094	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:32087	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32085	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:31353	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31728	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:31727	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:32141	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:25984	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:31095	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:31561	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:42033	P	pam_mount-0.47-13.13.65 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35800	P	pam_mount-0.47-13.13.65 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36009	P	pam_mount-0.47-13.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35626	P	pam_mount-0.47-13.13.65 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31106	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31461	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31809	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32552	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31577	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31475	P	Security update for procps (Moderate)	2020-12-01
oval:org.opensuse.security:def:31813	P	Security update for apache2-mod_jk (Moderate)	2020-12-01
oval:org.opensuse.security:def:32481	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33224	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25253	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:25603	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:25895	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:26626	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25362	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:25692	P	Security update for e2fsprogs (Moderate)	2020-12-01
oval:org.opensuse.security:def:26764	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25559	P	Security update for mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:25843	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26334	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25810	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26014	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26387	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:26542	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31548	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:31848	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:32591	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31982	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32725	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31476	P	Security update for puppet	2020-12-01
oval:org.opensuse.security:def:31785	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32295	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:31945	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:32337	P	Security update for sblim-sfcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:32503	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25177	P	Security update for mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:25381	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25754	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:25909	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25426	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26799	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25570	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26237	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26972	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25811	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26440	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26586	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31094	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31870	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:32021	P	Security update for kernel-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:32764	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31487	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31842	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:32037	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32393	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25178	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:25462	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25350	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25554	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:25927	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25634	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26276	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27007	P	pam_mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25822	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26489	P	Security update for php7-imagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27224	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31404	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31485	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:31877	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31929	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32442	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33185	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25189	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25519	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25856	P	Security update for gd (Important)	2020-12-01
oval:org.opensuse.security:def:26591	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25351	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25635	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:25558	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25762	P	Security update for Xerces-C (Moderate)	2020-12-01
oval:org.opensuse.security:def:26290	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25886	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26236	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:26528	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27259	P	pam_mount on GA media (Moderate)	2020-12-01

BACK