CVE-2008-5377 : pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a syml

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

Published 2008-12-08 23:30:00

Updated 2017-09-29 01:32:37

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-5377

Apple » Cups » Version: 1.3.8
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2008-5377

Top countries where our scanners detected CVE-2008-5377

Top open port discovered on systems with this issue 631

IPs affected by CVE-2008-5377 20

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-5377!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-5377

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-5377

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5377

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-5377

Red Hat 2009-01-21

Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected script is not part of the upstream CUPS distribution, but rather an addition used by Debian-based distributions (and possibly others). CUPS packages as shipped in Red Hat Enterprise Linux 5 also provide pstopdf filter. However, that filter is different from the one used in Debian-based distributions, and is unaffected by this flaw. Additionally, all filters used by CUPS on all versions of Red Hat Enterprise Linux are run under an unprivileged "lp" user, making the root privilege escalation mentioned in the published exploit impossible.

References for CVE-2008-5377

https://www.exploit-db.com/exploits/7550

CUPS < 1.3.8-4 - Local Privilege Escalation - Multiple local Exploit
http://lists.debian.org/debian-devel/2008/08/msg00347.html

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

CVEs referencing this url
http://uvw.ru/report.sid.txt

Exploit

CVEs referencing this url

Jump to