← Back to CVEs
CVE-2008-5007
N/ADescription
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
CVE Details
CVSS v3.1 ScoreN/A
Published11/10/2008
Last Modified4/23/2026
Sourcenvd
Honeypot Sightings0
Affected Products
lazarus:lazarus
Weaknesses (CWE)
CWE-59
References
http://bugs.debian.org/496377(cve@mitre.org)
http://code.google.com/p/bollin/source/browse/lazarus/trunk/debian/patches/07_sh_using_tmp.dpatch?spec=svn3462&r=3462(cve@mitre.org)
http://dev.gentoo.org/~rbu/security/debiantemp/lazarus-src(cve@mitre.org)
http://uvw.ru/report.lenny.txt(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2008/10/30/2(cve@mitre.org)
http://www.securityfocus.com/bid/30917(cve@mitre.org)
https://bugs.gentoo.org/show_bug.cgi?id=235770(cve@mitre.org)
https://bugs.gentoo.org/show_bug.cgi?id=235828(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44824(cve@mitre.org)
http://bugs.debian.org/496377(af854a3a-2127-422b-91ae-364da2661108)
http://code.google.com/p/bollin/source/browse/lazarus/trunk/debian/patches/07_sh_using_tmp.dpatch?spec=svn3462&r=3462(af854a3a-2127-422b-91ae-364da2661108)
http://dev.gentoo.org/~rbu/security/debiantemp/lazarus-src(af854a3a-2127-422b-91ae-364da2661108)
http://uvw.ru/report.lenny.txt(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/10/30/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/30917(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/show_bug.cgi?id=235770(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/show_bug.cgi?id=235828(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44824(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.