Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5703

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2008-5703
Last Modified 19 Aug 2009 01:22:19
Published 22 Dec 2008 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2008-5703

Summary

gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.

Vulnerable Systems

Application

  • Gpsdrive 1.32

  • Gpsdrive 1.33

  • Gpsdrive 2.09

  • Gpsdrive 2.10


References

FEDORA - FEDORA-2009-1366

BID - 32887

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=2121124&group_id=148048&atid=770280

SECUNIA - 33825

SECUNIA - 31694

MLIST - [oss-security] 20081216 CVE id request: gpsdrive

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597


Last Updated: 27 May 2016 10:48:54