Vulnerability Details : CVE-2008-5034

** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'.

Published 2008-11-10 16:15:12

Updated 2008-11-11 05:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5034

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5034

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5034

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: [email protected] (Primary)

References for CVE-2008-5034

Products affected by CVE-2008-5034

A Mennucc1 » Printfilters-ppd » Version: 2.13
cpe:2.3:a:a_mennucc1:printfilters-ppd:2.13:*:*:*:*:*:*:*
Matching versions