Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5394Link Following in Shadow

CWE-59Link Following8 documents8 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 75.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Shadow Project ShadowDebian Shadow
Timeline
PublishedDec 9
Latest updateMay 14

Description

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDdebian/shadow4.0.18.1
Debianshadow_project/shadow< 1:4.1.1-6+3

🔴Vulnerability Details

3
GHSA
GHSA-5848-87gf-wvqv: /bin/login in shadow 42022-05-14
CVEList
CVE-2008-5394: /bin/login in shadow 42008-12-09
OSV
CVE-2008-5394: /bin/login in shadow 42008-12-09

💥Exploits & PoCs

1
Exploit-DB
Debian - Symlink In Login Arbitrary File Ownership2008-12-01

📋Vendor Advisories

3
Ubuntu
shadow vulnerability2008-12-18
Debian
CVE-2008-5394: shadow - /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux dist...2008
Red Hat
CVE-2008-5394: /bin/login in shadow 4
CVE-2008-5394 — Link Following in Debian Shadow | cvebase