PT-2008-6152 · Rccp · Rccp
Robert Buchholz
·
Published
2008-11-06
·
Updated
2009-09-15
·
CVE-2008-4980
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
rccp version 0.9
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp tmp.txt temporary file. This is related to the
delqueueask function in rccp.Recommendations
For rccp version 0.9, consider restricting access to the
delqueueask function to prevent exploitation until a patch is available. As a temporary workaround, avoid using the delqueueask function in rccp to minimize the risk of arbitrary file overwrites.Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rccp