PT-2008-6758 · Verlihub · Verlihub

V4Lkyrius

Published

2008-12-22

Updated

2017-09-29

CVE-2008-5706

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Verlihub versions 0.9.8d-RC2 and earlier

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file, specifically through the cTrigger::DoIt function in the trigger mechanism in the daemon.

Recommendations For versions 0.9.8d-RC2 and earlier, consider restricting access to the cTrigger::DoIt function until a patch is available. As a temporary workaround, avoid using the trigger mechanism in the daemon to minimize the risk of exploitation.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2008-5706

Affected Products

Verlihub

PT-2008-6758 · Verlihub · Verlihub

CVE-2008-5706

Weakness Enumeration

Related Identifiers

Affected Products

References · 6