CVE-2008-3930 — MEDIUM (6.9)

Vulnerability Description

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Debian	Citadel Server	7.37

Related Weaknesses (CWE)

CWE-59

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496359
http://dev.gentoo.org/~rbu/security/debiantemp/citadel-server
http://secunia.com/advisories/31648Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30877
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44734
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496359
http://dev.gentoo.org/~rbu/security/debiantemp/citadel-server
http://secunia.com/advisories/31648Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30877
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44734

FAQ

What is CVE-2008-3930?

CVE-2008-3930 is a vulnerability with a CVSS score of 6.9 (MEDIUM). migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

How severe is CVE-2008-3930?

CVE-2008-3930 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3930?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Citadel Server.