PT-2008-6502 · Netdisco · Netdisco-Mibs-Installer
Dmitry E. Oboukhov
·
Publicado
2008-12-08
·
Atualizado
2008-12-09
·
CVE-2008-5379
CVSS v2.0
6.9
Média
| Vetor | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
netdisco-mibs-installer version 1.0
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file. This is related to the netdisco-mibs-install and netdisco-mibs-download scripts.
Recommendations
For netdisco-mibs-installer version 1.0, consider restricting access to the netdisco-mibs-install and netdisco-mibs-download scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation.
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netdisco-Mibs-Installer