CVE-2008-5135 in os-proberinfo

Summary

** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

11/18/2008

Disclosure

11/18/2008

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-59

CVSS

7.4

EPSS

0.00038

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5135
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5135
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5135/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!