Vulnerability Details : CVE-2008-4908

maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published 2008-11-04 00:57:31

Updated 2017-08-08 01:32:59

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-4908

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
3.3	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:P	3.4	4.9	nvd@nist.gov
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

Crossfire » Crossfire » Version: 1.11.0
cpe:2.3:a:crossfire:crossfire:1.11.0:*:*:*:*:*:*:*
Matching versions
When used together with: Debian » Debian Linux