CVE-2008-4967

linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
linuxtradelinuxtrade
3.65
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linuxtrade
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/496372
http://dev.gentoo.org/~rbu/security/debiantemp/linuxtrade
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30910
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44826
http://bugs.debian.org/496372
http://dev.gentoo.org/~rbu/security/debiantemp/linuxtrade
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30910
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44826