Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4191

Overview

Vulnerability Score 6.6 6.6
CVE Id CVE-2008-4191
Last Modified 12 Feb 2009 01:51:16
Published 24 Sep 2008 07:42:25
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4191

Summary

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

Vulnerable Systems

Application

  • Emacspeak Inc Emacspeak 26.0

  • Emacspeak Inc Emacspeak 28.0


References

FEDORA - FEDORA-2008-8423

FEDORA - FEDORA-2008-8379

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=460435

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235770

XF - emacspeak-extracttable-symlink(45237)

BID - 31241

MLIST - [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

SECUNIA - 32071

SECUNIA - 31880

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431


Last Updated: 27 May 2016 10:48:24