CVE-2008-3524

CWE-595 documents5 sources

Severity

4.7MEDIUM

EPSS

0.0%

top 90.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Fedora Redhat Initscripts

Timeline

PublishedSep 29

Latest updateMay 2

Description

rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages1 packages

▶NVDredhat/initscripts8.76.3

Also affects: Fedora 9

🔴Vulnerability Details

GHSA

GHSA-wf5r-cxjr-47w7: rc↗2022-05-02

▶

CVEList

CVE-2008-3524: rc↗2008-09-29

▶

📋Vendor Advisories

Red Hat

initscripts: possible system files removal via malicious symlink in /var/{lock,run}↗2008-08-08

▶

💬Community

Bugzilla

CVE-2008-3524 initscripts: possible system files removal via malicious symlink in /var/{lock,run}↗2008-08-11

▶