Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4993

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-4993
Last Modified 30 Oct 2012 11:06:22
Published 07 Nov 2008 02:36:23
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4993

Summary

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

Vulnerable Systems

Application

  • Xen 3.2.1


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235805

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235770

MLIST - [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

MANDRIVA - MDVSA-2009:016

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1

CONFIRM - http://bugs.debian.org/496367

XF - xen-qemudm-symlink(46545)

REDHAT - RHSA-2009:0003


Last Updated: 27 May 2016 10:49:46