PT-2008-1031 · Debian · Hf+1

Steve Kemp · Published 2008-11-26 · Updated 2017-08-08 · CVE-2008-2378

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

hf versions 0.7.3 through 0.8

Description

The issue concerns multiple vulnerabilities in the hf package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. A specific vulnerability exists in the hfkernel, where improper handling of the -k option allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH.

Recommendations

For versions 0.7.3 through 0.8, consider restricting access to the killall program to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the -k option in the hfkernel until the issue is resolved.
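
The weakness described above comes down to a bare command name being resolved through PATH. As an added example (not code from this advisory, from Debian or from the hf source), the script below shows which file a PATH lookup of killall would select and flags search entries that other users could place a file in; the function names, output format and status codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit how a bare command name resolves through a PATH string.

# path_entry_risk DIR: print a reason and return 0 if DIR is a risky entry.
# Only mode bits are checked; directory ownership is not (assumption: extend as needed).
path_entry_risk() {
    case "$1" in
        "") echo "empty entry, searched as the current directory"; return 0 ;;
        /*) ;;
        *)  echo "relative entry, depends on the current directory"; return 0 ;;
    esac
    [ -d "$1" ] || return 1
    # ls -ldL mode string: column 6 is group write, column 9 is other write.
    case "$(ls -ldL -- "$1")" in
        d????w*|d???????w*) echo "group- or world-writable"; return 0 ;;
    esac
    return 1
}

# audit_lookup NAME PATHSTRING: walk the entries in search order.
# Prints RISK lines and the FOUND file; returns 0 if the lookup is clean,
# 1 if a risky entry is searched at or before the hit, 2 if NAME is not found.
audit_lookup() {
    name=$1 rest="$2:" status=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}      # next entry in search order (may be empty)
        rest=${rest#*:}
        if reason=$(path_entry_risk "$dir"); then
            echo "RISK  ${dir:-.}: $reason"
            status=1
        fi
        if [ -f "${dir:-.}/$name" ] && [ -x "${dir:-.}/$name" ]; then
            echo "FOUND ${dir:-.}/$name"
            return "$status"
        fi
    done
    echo "NOT FOUND $name"
    return 2
}

# Audit the caller's own PATH for the helper named in the advisory.
audit_lookup "${1:-killall}" "$PATH" || echo "lookup not clean (status $?)"
```

Privileged programs sidestep this lookup altogether by invoking helpers by absolute path with a fixed, minimal PATH.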

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-02618
CVE-2008-2378
DSA-1668-1

Affected Products

Debian
Hf