Vulnerability Description
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smsclient | Smsclient | 2.0.8z |
Related Weaknesses (CWE)
References
- http://lists.debian.org/debian-devel/2008/08/msg00347.html
- http://uvw.ru/report.sid.txtExploit
- http://www.securityfocus.com/bid/32405
- http://lists.debian.org/debian-devel/2008/08/msg00347.html
- http://uvw.ru/report.sid.txtExploit
- http://www.securityfocus.com/bid/32405
FAQ
What is CVE-2008-5155?
CVE-2008-5155 is a vulnerability with a CVSS score of 9.3 (HIGH). mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files...
How severe is CVE-2008-5155?
CVE-2008-5155 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5155?
Check the references section above for vendor advisories and patch information. Affected products include: Smsclient Smsclient.