CVE-2008-4936

{"id": "CVE-2008-4936", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-05T15:00:14.790", "references": [{"url": "http://bugs.debian.org/496403", "source": "cve@mitre.org"}, {"url": "http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33051", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200812-08.xml", "source": "cve@mitre.org"}, {"url": "http://uvw.ru/report.lenny.txt", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30927", "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=235806", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44833", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/496403", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://dev.gentoo.org/~rbu/security/debiantemp/mgetty-fax", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33051", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200812-08.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://uvw.ru/report.lenny.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30927", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=235806", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44833", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file."}, {"lang": "es", "value": "faxspool de mgetty v1.1.36, permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de una ataque de enlace simb\u00f3lico sobre un fichero temporal /tmp/faxsp.#####."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gert_doering:mgetty:1.1.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EBE89B2-7BF0-4216-9C6B-5EBA17429406"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include patch that resolves this issue.", "lastModified": "2008-11-06T00:00:00", "organization": "Red Hat"}, {"comment": "This issue was fixed on May 5, 2003 for all Mandriva Linux products.", "lastModified": "2008-12-09T00:00:00", "organization": "Mandriva"}], "sourceIdentifier": "cve@mitre.org"}