Vulnerability Description
os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Os-Prober | 1.17 |
References
- http://lists.debian.org/debian-devel/2008/08/msg00285.html
- http://lists.debian.org/debian-devel/2008/08/msg00296.html
FAQ
What is CVE-2008-5135?
CVE-2008-5135 is a vulnerability with a CVSS score of 6.2 (MEDIUM). os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issu...
How severe is CVE-2008-5135?
CVE-2008-5135 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5135?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Os-Prober.