CVE-2008-3931 — Link Following in R-base

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 92.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 4

Latest updateMay 2

Description

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

▶debiandebian/r-base< r-base 2.7.2-1 (bookworm)

GHSA

GHSA-4682-r8pf-c5pm: javareconf in R 2↗2022-05-02

▶

OSV

CVE-2008-3931: javareconf in R 2↗2008-09-04

▶

Red Hat

R: Insecure auxiliary /tmp file usage (symlink attack possible)↗2008-08-24

▶

Debian

CVE-2008-3931: r-base - javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a syml...↗2008

▶

Bugzilla

CVE-2008-3931 R: Insecure auxiliary /tmp file usage (symlink attack possible)↗2008-08-29

▶