Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-5377
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-08 Dec, 2008 | 23:30
Updated At-23 Apr, 2026 | 00:35

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>cups>>1.3.8
cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-01-21T00:00:00

Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected script is not part of the upstream CUPS distribution, but rather an addition used by Debian-based distributions (and possibly others). CUPS packages as shipped in Red Hat Enterprise Linux 5 also provide pstopdf filter. However, that filter is different from the one used in Debian-based distributions, and is unaffected by this flaw. Additionally, all filters used by CUPS on all versions of Red Hat Enterprise Linux are run under an unprivileged "lp" user, making the root privilege escalation mentioned in the published exploit impossible.

References
HyperlinkSourceResource
http://lists.debian.org/debian-devel/2008/08/msg00347.htmlcve@mitre.org
N/A
http://uvw.ru/report.sid.txtcve@mitre.org
Exploit
https://www.exploit-db.com/exploits/7550cve@mitre.org
N/A
http://lists.debian.org/debian-devel/2008/08/msg00347.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://uvw.ru/report.sid.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
https://www.exploit-db.com/exploits/7550af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.debian.org/debian-devel/2008/08/msg00347.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://uvw.ru/report.sid.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.exploit-db.com/exploits/7550
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.debian.org/debian-devel/2008/08/msg00347.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://uvw.ru/report.sid.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://www.exploit-db.com/exploits/7550
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found