CVE-2008-5366 — Link Following in PPP

CWE-59 — Link Following4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 93.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Marco D Itri PPP Debian PPP

Timeline

PublishedDec 8

Latest updateMay 17

Description

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/ppp

▶NVDmarco_d_itri/ppp2.4.4

🔴Vulnerability Details

GHSA

GHSA-rfr2-972g-h6h9: The postinst script in ppp 2↗2022-05-17

▶

OSV

CVE-2008-5366: The postinst script in ppp 2↗2008-12-08

▶

📋Vendor Advisories

Debian

CVE-2008-5366: ppp - The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to ov...↗2008

▶