CVE-2008-5380
published 2008-12-08CVE-2008-5380: gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a…
PriorityP418medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.30%
21.3th percentile
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gpsdrive | gpsdrive | <= 2.10 | — |
| gpsdrive | gpsdrive | — | — |
| gpsdrive | gpsdrive | — | — |
| gpsdrive | gpsdrive | — | — |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
vendor_redhat·2008-08-11·CVSS 6.9
CVE-2008-5380 [MEDIUM] gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
Red Hat
gpsdrive: insecure temporary file use in gpssmswatch and splash.c
vendor_redhat·CVSS 6.9
CVE-2008-5703 [MEDIUM] CWE-377 gpsdrive: insecure temporary file use in gpssmswatch and splash.c
gpsdrive: insecure temporary file use in gpssmswatch and splash.c
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
Red Hat
gpsdrive: insecure temporary file use in unit_test.c
vendor_redhat·CVSS 6.9
CVE-2008-5704 [MEDIUM] CWE-377 gpsdrive: insecure temporary file use in unit_test.c
gpsdrive: insecure temporary file use in unit_test.c
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
GHSA
GHSA-xq2x-gx2h-74r3: src/unit_test
ghsa_unreviewed·2022-05-17·CVSS 6.9
CVE-2008-5704 [MEDIUM] CWE-59 GHSA-xq2x-gx2h-74r3: src/unit_test
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
GHSA
GHSA-cqcq-m56r-2wgx: gpsdrive (aka gpsdrive-scripts) 2
ghsa_unreviewed·2022-05-17·CVSS 6.9
CVE-2008-5380 [MEDIUM] CWE-59 GHSA-cqcq-m56r-2wgx: gpsdrive (aka gpsdrive-scripts) 2
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
GHSA
GHSA-7grv-vq6p-hf4x: gpsdrive (aka gpsdrive-scripts) 2
ghsa_unreviewed·2022-05-17·CVSS 6.9
CVE-2008-5703 [MEDIUM] CWE-59 GHSA-7grv-vq6p-hf4x: gpsdrive (aka gpsdrive-scripts) 2
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
bugzilla·2009-01-27·CVSS 6.9
CVE-2008-5704 [MEDIUM] CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
CVE-2008-5704 gpsdrive: insecure temporary file use in unit_test.c
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5704 to the following vulnerability:
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local
users to overwrite arbitrary files via a symlink attack on the
/tmp/gpsdrive-unit-test/proc temporary file, a different vector than
CVE-2008-4959 and CVE-2008-5380.
References:
http://openwall.com/lists/oss-security/2008/12/17/15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Discussion:
Modified upstream to create temporary directory using mkdtemp:
http://gpsdrive.svn.sourceforge.net/viewvc/gpsdrive?view=rev&revision=2236
---
We don't ship the 2.10* versions anywhere yet. ;)
We only have 2.09.
So, I assume we can just close
Bugzilla
CVE-2008-5703 gpsdrive: insecure temporary file use in gpssmswatch and splash.c
bugzilla·2009-01-27·CVSS 6.9
CVE-2008-5703 [MEDIUM] CVE-2008-5703 gpsdrive: insecure temporary file use in gpssmswatch and splash.c
CVE-2008-5703 gpsdrive: insecure temporary file use in gpssmswatch and splash.c
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5703 to the following vulnerability:
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite
arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b)
/tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2)
src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
References:
http://openwall.com/lists/oss-security/2008/12/17/15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
http://sourceforge.net/tracker/index.php?func=detail&aid=2121124&group_id=148048&atid=770280
http://www.securityfocus.com/bid/32887
Discussion:
Upstream fixes:
gpssmswatch was removed in:
http://g
Bugzilla
CVE-2008-5380 gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
bugzilla·2008-12-09·CVSS 6.9
CVE-2008-5380 [MEDIUM] CVE-2008-5380 gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
CVE-2008-5380 gpsdrive: Insecure temporary file use in geo-code, geo-nearest (symlink attack)
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5380 to
the following vulnerability:
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite
arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b)
/tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.*
temporary file, related to the (1) geo-code and (2) geo-nearest
scripts, different vectors than CVE-2008-4959.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5380
http://lists.debian.org/debian-devel/2008/08/msg00285.html
Affected scripts:
/usr/bin/geo-code
/usr/bin/geo-nearest
Sample related code (from /usr/bin/geo-code):
251 TMP=/tmp/geo$$
272 cp $COORDS /tmp/geo.google
Bugzilla
CVE-2008-4959 gpsdrive: geo-code insecure temporary file use
bugzilla·2008-11-06·CVSS 6.9
CVE-2008-4959 [MEDIUM] CVE-2008-4959 gpsdrive: geo-code insecure temporary file use
CVE-2008-4959 gpsdrive: geo-code insecure temporary file use
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4959 to the following vulnerability:
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite
arbitrary files via a symlink attack on (1) /tmp/geo.google, (2)
/tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords
temporary files.
References:
http://bugs.debian.org/496436
http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts
https://bugs.gentoo.org/show_bug.cgi?id=235770
http://www.openwall.com/lists/oss-security/2008/10/30/2
Discussion:
Created attachment 322708
Patch used by Debian
Attached is the patch that was used by Debian gpsdrive maintainer. It is not the same as originally proposed one linked in the Debian bug:
h
http://lists.debian.org/debian-devel/2008/08/msg00285.htmlhttp://secunia.com/advisories/31694http://secunia.com/advisories/33825https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.htmlhttp://lists.debian.org/debian-devel/2008/08/msg00285.htmlhttp://secunia.com/advisories/31694http://secunia.com/advisories/33825https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html
2008-12-08
Published