CVE-2008-5367 — Link Following in D Itri Ppp-udeb

CWE-59 — Link Following4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 96.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Marco D Itri Ppp-udeb Debian PPP

Timeline

PublishedDec 8

Latest updateMay 17

Description

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/ppp

▶NVDmarco_d_itri/ppp-udeb2.4.4

🔴Vulnerability Details

GHSA

GHSA-xfwg-78fh-5fcq: ip-up in ppp-udeb 2↗2022-05-17

▶

OSV

CVE-2008-5367: ip-up in ppp-udeb 2↗2008-12-08

▶

📋Vendor Advisories

Debian

CVE-2008-5367: ppp - ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite a...↗2008

▶