CVE-2008-5373 — Link Following in Bacula

CWE-59 — Link Following7 documents6 sources

Severity

6.9MEDIUMNVD

OSV3.6

EPSS

0.1%

top 68.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bacula Debian Bacula

Timeline

PublishedDec 8

Latest updateMay 14

Description

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/bacula< bacula 2.4.0-1 (bookworm)

▶Debianbacula/bacula< 2.4.0-1+3

▶NVDbacula/bacula2.4.2

🔴Vulnerability Details

GHSA

GHSA-xgpj-r9f2-8ghw: mtx-changer↗2022-05-14

▶

OSV

CVE-2008-5373: mtx-changer↗2008-12-08

▶

📋Vendor Advisories

Red Hat

bacula-common: Insecure temporary file use in autochangers (symlink attack)↗2008-08-11

▶

Debian

CVE-2008-5373: bacula - mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrit...↗2008

▶

💬Community

Bugzilla

CVE-2008-5373 bacula-common: Insecure temporary file use in autochangers (symlink attack) [fedora-all]↗2010-12-24

▶

Bugzilla

CVE-2008-5373 bacula-common: Insecure temporary file use in autochangers (symlink attack)↗2008-12-09

▶