CVE-2008-5370Link Following in Pvpgn

CWE-59Link Following4 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.0%
top 93.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PvpgnDebian Pvpgn
Timeline
PublishedDec 8
Latest updateMay 17

Description

pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

debiandebian/pvpgn< pvpgn 1.8.1-2 (bookworm)
Debianpvpgn/pvpgn< 1.8.1-2+3
NVDpvpgn/pvpgn1.8.1

🔴Vulnerability Details

2
GHSA
GHSA-j233-jmp5-mj9g: pvpgn-support-installer in pvpgn 12022-05-17
OSV
CVE-2008-5370: pvpgn-support-installer in pvpgn 12008-12-08

📋Vendor Advisories

1
Debian
CVE-2008-5370: pvpgn - pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary...2008
CVE-2008-5370 — Link Following in Debian Pvpgn | cvebase