CVE-2008-4943

bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
igluesbulmages-servers
0.11.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bulmages
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
ignored
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://bugs.debian.org/496382
http://dev.gentoo.org/~rbu/security/debiantemp/bulmages-servers
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://bugs.gentoo.org/show_bug.cgi?id=235770
http://bugs.debian.org/496382
http://dev.gentoo.org/~rbu/security/debiantemp/bulmages-servers
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://bugs.gentoo.org/show_bug.cgi?id=235770