cbcvebase.
CVE-2008-4936
published 2008-11-05

CVE-2008-4936: faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.

PriorityP416medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.41%
33.3th percentile
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianmgetty< mgetty 1.1.36-1.3 (bookworm)mgetty 1.1.36-1.3 (bookworm)
gert_doeringmgetty
mgetty_projectmgetty>= 0 < 1.1.36-1.31.1.36-1.3
mgetty_projectmgetty>= 0 < 1.1.36-1.31.1.36-1.3
mgetty_projectmgetty>= 0 < 1.1.36-1.31.1.36-1.3
mgetty_projectmgetty>= 0 < 1.1.36-1.31.1.36-1.3

CVSS provenance

nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM
vendor_debian6.9LOW
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.