Vulnerability Description
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpsdrive | Gpsdrive | 2.09 |
References
- http://lists.debian.org/debian-devel/2008/08/msg00285.html
- http://secunia.com/advisories/31694
- http://secunia.com/advisories/33825
- https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.h
FAQ
What is CVE-2008-5380?
CVE-2008-5380 is a vulnerability with a CVSS score of 6.9 (MEDIUM). gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.*...
How severe is CVE-2008-5380?
CVE-2008-5380 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5380?
Check the references section above for vendor advisories and patch information. Affected products include: Gpsdrive Gpsdrive.