Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2008-4976
Last Modified 15 Sep 2009 01:19:53
Published 06 Nov 2008 10:55:52
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4976

Summary

ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on the temporary files (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts.

Vulnerable Systems

Application

  • Alan Woodland Ogle 0.92

  • Alan Woodland Ogle-mmx 0.92


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235770

XF - ogledvdplayer-file-symlink(44832)

BID - 30926

MLIST - [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

MISC - http://uvw.ru/report.lenny.txt

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/ogle-mmx

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/ogle

CONFIRM - http://bugs.debian.org/496425

CONFIRM - http://bugs.debian.org/496420


Last Updated: 27 May 2016 10:48:40