Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2008-0525
Last Modified: 23 Aug 2011 12:00:00
Published: 31 Jan 2008 03:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2008-0525

Summary

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

Vulnerable Systems

Application

  • Lumension Security PatchLink Update 6.2

  • Lumension Security PatchLink Update 6.3

  • Lumension Security PatchLink Update 6.4

  • Novell ZENworks Patch Management Update Agent 6.2

  • Novell ZENworks Patch Management Update Agent 6.3

  • Novell ZENworks Patch Management Update Agent 6.4


References

CONFIRM - https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html

XF - patchlinkupdate-reboottask-symlink(39958)

XF - patchlinkupdate-logtrimmer-symlink(39956)

VUPEN - ADV-2008-0426

SECTRACK - 1019272

BID - 27458

BUGTRAQ - 20080125 Two vulnerabilities for PatchLink Update Client for Unix.

CONFIRM - http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530

CONFIRM - http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528

CONFIRM - http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527

SREASON - 3599

SECUNIA - 28665

SECUNIA - 28657


Last Updated: 27 May 2016 10:46:50