CVE-2008-1570

Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs.  NOTE: this is due to an incomplete fix for CVE-2008-1569.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
policyd-weightpolicyd-weight
0.1.14_beta-14:_beta
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policyd-weight
bullseye
0.1.15.2-12
fixed
sid
0.1.15.2-12.1
fixed
trixie
0.1.15.2-12.1
fixed
bookworm
0.1.15.2-12.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policyd-weight
intrepid
Fixed 0.1.14.17-1
released
hardy
Fixed 0.1.14.17-1
released
gutsy
ignored
feisty
ignored
edgy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/29738
http://security.gentoo.org/glsa/glsa-200804-11.xml
http://www.osvdb.org/43888
https://bugs.gentoo.org/show_bug.cgi?id=214403
https://exchange.xforce.ibmcloud.com/vulnerabilities/41570
http://secunia.com/advisories/29738
http://security.gentoo.org/glsa/glsa-200804-11.xml
http://www.osvdb.org/43888
https://bugs.gentoo.org/show_bug.cgi?id=214403
https://exchange.xforce.ibmcloud.com/vulnerabilities/41570