ByteOS Network

NVD Vulnerability Details :

CVE-2008-4953

Modified

Source-cve@mitre.org

Published At-05 Nov, 2008 | 15:00

Updated At-17 May, 2024 | 00:40

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

firehol>>firehol>>1.256

cpe:2.3:a:firehol:firehol:1.256:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-59	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.debian.org/496424	cve@mitre.org	N/A
http://dev.gentoo.org/~rbu/security/debiantemp/firehol	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2008/10/30/2	cve@mitre.org	N/A
https://bugs.gentoo.org/show_bug.cgi?id=235770	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History