CVE-2008-4936
Published: 2008-11-05
CVE-2008-4936: faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
Priority: P4 · 16 · medium · 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.41% (33.3th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mgetty | < mgetty 1.1.36-1.3 (bookworm) | mgetty 1.1.36-1.3 (bookworm) |
| gert_doering | mgetty | — | — |
| mgetty_project | mgetty | >= 0 < 1.1.36-1.3 | 1.1.36-1.3 |
| mgetty_project | mgetty | >= 0 < 1.1.36-1.3 | 1.1.36-1.3 |
| mgetty_project | mgetty | >= 0 < 1.1.36-1.3 | 1.1.36-1.3 |
| mgetty_project | mgetty | >= 0 < 1.1.36-1.3 | 1.1.36-1.3 |
CVSS provenance
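| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | LOW | — |
| vendor_redhat | — | 6.9 | MEDIUM | — |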
Debian
CVE-2008-4936: mgetty - faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a ...
vendor_debian·2008·CVSS 6.9
CVE-2008-4936 [MEDIUM] CVE-2008-4936: mgetty - faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a ...
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
Scope: local
bookworm: resolved (fixed in 1.1.36-1.3)
bullseye: resolved (fixed in 1.1.36-1.3)
forky: resolved (fixed in 1.1.36-1.3)
sid: resolved (fixed in 1.1.36-1.3)
trixie: resolved (fixed in 1.1.36-1.3)
Red Hat
CVE-2008-4936: faxspool in mgetty 1
vendor_redhat·CVSS 6.9
CVE-2008-4936 [MEDIUM] CVE-2008-4936: faxspool in mgetty 1
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
Statement: Not vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include a patch that resolves this issue.
GHSA
GHSA-9r8x-j9wv-wvqv: faxspool in mgetty 1
ghsa_unreviewed·2022-05-17
CVE-2008-4936 [MEDIUM] CWE-59 GHSA-9r8x-j9wv-wvqv: faxspool in mgetty 1
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
OSV
CVE-2008-4936: faxspool in mgetty 1
osv·2008-11-05·CVSS 6.9
CVE-2008-4936 [MEDIUM] CVE-2008-4936: faxspool in mgetty 1
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/496403
http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax
http://secunia.com/advisories/33051
http://security.gentoo.org/glsa/glsa-200812-08.xml
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30927
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://bugs.gentoo.org/show_bug.cgi?id=235806
https://exchange.xforce.ibmcloud.com/vulnerabilities/44833
Published: 2008-11-05