Vulnerability Description
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Xsabre | 0.2.4b |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/433996
- http://openwall.com/lists/oss-security/2008/10/01/1
- http://osvdb.org/48895
- http://www.securityfocus.com/bid/31512
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45715
- http://bugs.debian.org/433996
- http://openwall.com/lists/oss-security/2008/10/01/1
- http://osvdb.org/48895
- http://www.securityfocus.com/bid/31512
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45715
FAQ
What is CVE-2008-4406?
CVE-2008-4406 is a vulnerability with a CVSS score of 7.2 (HIGH). A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
How severe is CVE-2008-4406?
CVE-2008-4406 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4406?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Xsabre.