Vulnerability CVE-2008-2958


Published: 2008-07-01   Modified: 2012-02-12

Description:
Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Type:

CWE-362

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Checkinstall -> Checkinstall 

 References:
http://xforce.iss.net/xforce/xfdb/43440
http://secunia.com/advisories/30873
http://lists.alioth.debian.org/pipermail/secure-testing-team/2008-June/001672.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488140

Copyright 2024, cxsecurity.com

 

Back to Top