Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2266

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2008-2266
Last Modified 02 Apr 2009 12:00:00
Published 16 May 2008 08:54:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2266

Summary

uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.

Vulnerable Systems

Application

  • Nzbget 0.1.0a

  • Nzbget 0.1.1

  • Nzbget 0.1.2

  • Nzbget 0.2.0

  • Nzbget 0.2.1

  • Nzbget 0.2.2

  • Uudeview 0.5.20


References

XF - uudeview-tempnam-symlink(42407)

BID - 29211

MLIST - [oss-security] 20080530 Re: CVE id request: uudeview

MLIST - [oss-security] 20080514 Re: CVE id request: uudeview

GENTOO - GLSA-200808-11

SECUNIA - 31420

SECUNIA - 30171

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972


Last Updated: 27 May 2016 10:47:48