Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5140

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-5140
Last Modified 30 Oct 2012 11:06:55
Published 18 Nov 2008 11:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5140

Summary

trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.

Vulnerable Systems

Application

  • Debian Mailscanner 4.55.10


References

CONFIRM - http://www.mailscanner.info/ChangeLog

SECUNIA - 33117

MLIST - [debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353#44

XF - mailscanner-trendautoupdatenew-symlink(46725)

BID - 32376

SECUNIA - 32730


Last Updated: 27 May 2016 10:56:38