PT-2008-4392 · None · Installwatch+1

Felipe Sateler

Published

2008-07-01

Updated

2017-08-08

CVE-2008-2958

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions checkinstall version 1.6.1 installwatch (affected versions not specified)

Description A race condition exists, allowing local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.

Recommendations For checkinstall version 1.6.1, update to a newer version that contains a fix for this issue. For installwatch, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2008-2958

Affected Products

Checkinstall

Installwatch

PT-2008-4392 · None · Installwatch+1

CVE-2008-2958

Weakness Enumeration

Related Identifiers

Affected Products

References · 8