CVE-2008-2266
published 2008-05-16CVE-2008-2266: uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink…
PriorityP413medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EPSS
0.32%
23.9th percentile
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libconvert-uulib-perl | < uudeview 0.5.20-3.1 (bookworm) | uudeview 0.5.20-3.1 (bookworm) |
| debian | pan | < uudeview 0.5.20-3.1 (bookworm) | uudeview 0.5.20-3.1 (bookworm) |
| debian | uudeview | < uudeview 0.5.20-3.1 (bookworm) | uudeview 0.5.20-3.1 (bookworm) |
| nzbget | nzbget | <= 0.2.2 | — |
| nzbget | nzbget | — | — |
| nzbget | nzbget | — | — |
| nzbget | nzbget | — | — |
| nzbget | nzbget | — | — |
| nzbget | nzbget | — | — |
| uudeview | uudeview | — | — |
| uudeview | uudeview | >= 0 < 0.5.20-3.1 | 0.5.20-3.1 |
| uudeview | uudeview | >= 0 < 0.5.20-3.1 | 0.5.20-3.1 |
| uudeview | uudeview | >= 0 < 0.5.20-3.1 | 0.5.20-3.1 |
| uudeview | uudeview | >= 0 < 0.5.20-3.1 | 0.5.20-3.1 |
CVSS provenance
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv7.2HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vvxg-893h-9q6m: uulib/uunconc
ghsa_unreviewed·2022-05-01·CVSS 7.2
CVE-2008-2266 [HIGH] CWE-59 GHSA-vvxg-893h-9q6m: uulib/uunconc
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
OSV
CVE-2008-2266: uulib/uunconc
osv·2008-05-16·CVSS 7.2
CVE-2008-2266 [HIGH] CVE-2008-2266: uulib/uunconc
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
Debian
CVE-2008-2266: libconvert-uulib-perl - uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly ...
vendor_debian·2008·CVSS 7.2
CVE-2008-2266 [HIGH] CVE-2008-2266: libconvert-uulib-perl - uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly ...
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972http://secunia.com/advisories/30171http://secunia.com/advisories/31420http://security.gentoo.org/glsa/glsa-200808-11.xmlhttp://www.openwall.com/lists/oss-security/2008/05/14/10http://www.openwall.com/lists/oss-security/2008/05/30/1http://www.securityfocus.com/bid/29211https://exchange.xforce.ibmcloud.com/vulnerabilities/42407http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972http://secunia.com/advisories/30171http://secunia.com/advisories/31420http://security.gentoo.org/glsa/glsa-200808-11.xmlhttp://www.openwall.com/lists/oss-security/2008/05/14/10http://www.openwall.com/lists/oss-security/2008/05/30/1http://www.securityfocus.com/bid/29211https://exchange.xforce.ibmcloud.com/vulnerabilities/42407
2008-05-16
Published