PT-2008-3758 · Uudeview+1 · Uudeview+1
Publicado
2008-05-16
·
Atualizado
2024-06-15
·
CVE-2008-2266
CVSS v2.0
4.4
Média
| Vetor | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
UUDeview version 0.5.20
nzbget versions prior to 0.3.0
Description:
The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function.
Recommendations:
For UUDeview version 0.5.20, update to a newer version to mitigate the risk.
For nzbget versions prior to 0.3.0, update to version 0.3.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the tempnam function to minimize the risk of exploitation.
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Uudeview
Nzbget