CVE-2008-4085

EUVD-2008-4070
plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
stephenjungelsplait
𝑥
≤ 1.5.2
stephenjungelsplait
0.50
stephenjungelsplait
0.51
stephenjungelsplait
0.52
stephenjungelsplait
0.53
stephenjungelsplait
0.54
stephenjungelsplait
0.55
stephenjungelsplait
0.55.1
stephenjungelsplait
0.55.2
stephenjungelsplait
0.99
stephenjungelsplait
1.0
stephenjungelsplait
1.1
stephenjungelsplait
1.1.1
stephenjungelsplait
1.2.1
stephenjungelsplait
1.3
stephenjungelsplait
1.4
stephenjungelsplait
1.4.1
stephenjungelsplait
1.4.2
stephenjungelsplait
1.5
stephenjungelsplait
1.5.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
plait
bullseye
1.6.2-1.1
fixed
sid
1.6.2-3
fixed
trixie
1.6.2-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
plait
dapper
dne
feisty
dne
gutsy
dne
hardy
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496381
http://dev.gentoo.org/~rbu/security/debiantemp/plait
http://secunia.com/advisories/31617
http://sourceforge.net/project/shownotes.php?group_id=147849&release_id=623154
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30928
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44786
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496381
http://dev.gentoo.org/~rbu/security/debiantemp/plait
http://secunia.com/advisories/31617
http://sourceforge.net/project/shownotes.php?group_id=147849&release_id=623154
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30928
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44786