Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2958

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2008-2958
Last Modified 05 Sep 2008 05:41:43
Published 01 Jul 2008 06:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2958

Summary

Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Vulnerable Systems

Application

  • Checkinstall 1.6.1


References

XF - checkinstall-multiple-symlink(43440)

SECUNIA - 30873

MISC - http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140


Last Updated: 27 May 2016 10:48:02