← Voltar para CVEs
CVE-2008-5007
N/ADescricao
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado11/10/2008
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
lazarus:lazarus
Fraquezas (CWE)
CWE-59
Referencias
http://bugs.debian.org/496377(cve@mitre.org)
http://code.google.com/p/bollin/source/browse/lazarus/trunk/debian/patches/07_sh_using_tmp.dpatch?spec=svn3462&r=3462(cve@mitre.org)
http://dev.gentoo.org/~rbu/security/debiantemp/lazarus-src(cve@mitre.org)
http://uvw.ru/report.lenny.txt(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2008/10/30/2(cve@mitre.org)
http://www.securityfocus.com/bid/30917(cve@mitre.org)
https://bugs.gentoo.org/show_bug.cgi?id=235770(cve@mitre.org)
https://bugs.gentoo.org/show_bug.cgi?id=235828(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44824(cve@mitre.org)
http://bugs.debian.org/496377(af854a3a-2127-422b-91ae-364da2661108)
http://code.google.com/p/bollin/source/browse/lazarus/trunk/debian/patches/07_sh_using_tmp.dpatch?spec=svn3462&r=3462(af854a3a-2127-422b-91ae-364da2661108)
http://dev.gentoo.org/~rbu/security/debiantemp/lazarus-src(af854a3a-2127-422b-91ae-364da2661108)
http://uvw.ru/report.lenny.txt(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/10/30/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/30917(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/show_bug.cgi?id=235770(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.gentoo.org/show_bug.cgi?id=235828(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44824(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.