CVE-2008-4983 — Link Following in Scilab

CWE-59 — Link Following4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 92.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Scilab Scilab Scilab-bin

Timeline

PublishedNov 6

Latest updateMay 17

Description

scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/scilab< scilab 4.1.2-6 (bookworm)

▶NVDscilab/scilab-bin4.1.2

🔴Vulnerability Details

GHSA

GHSA-c3wr-wrc5-mqg4: scilab-bin 4↗2022-05-17

▶

OSV

CVE-2008-4983: scilab-bin 4↗2008-11-06

▶

📋Vendor Advisories

Debian

CVE-2008-4983: scilab - scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink a...↗2008

▶