Published: 18/11/2008 Updated: 08/08/2017

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dann frazier flamethrower 0.1.8

Debian Bug report logs - #506350 CVE-2008-5141: allows local users to overwrite arbitrary files via a symlink attack Package: flamethrower; Maintainer for flamethrower is dann frazier <dannf@debianorg>; Source for flamethrower is src:flamethrower (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> ...

Dmitry E Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack For the stable distribution (etch), this problem has been fixed in version 018-1+etch1 For the unstable distribution (sid), this problem has been fixed in version 018-2 We recommend tha ...

CWE-59 http://lists.debian.org/debian-devel/2008/08/msg00285.html http://secunia.com/advisories/32891 http://secunia.com/advisories/32961 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506350 http://www.securityfocus.com/bid/32386 http://www.debian.org/security/2008/dsa-1676 https://exchange.xforce.ibmcloud.com/vulnerabilities/46717 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506350 https://nvd.nist.gov https://www.debian.org/security/./dsa-1676

CVE-2008-5141

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect