CVE-2008-4952 - Vulnerability Details - OpenCVE

emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Emacs	Emacs-jabber

Configuration 1 [-]

cpe:2.3:a:emacs:emacs-jabber:0.7.91:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/496428
http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/46409

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-05T14:51:00

Updated: 2024-08-07T10:31:28.303Z

Reserved: 2008-11-05T00:00:00

Link: CVE-2008-4952

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-11-05T15:00:15.243

Modified: 2024-11-21T00:52:55.613

Link: CVE-2008-4952

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/496428"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber"}, {"name": "emacsjabber-emacsjabber-symlink(46409)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46409"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4952", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "http://bugs.debian.org/496428", "refsource": "CONFIRM", "url": "http://bugs.debian.org/496428"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber", "refsource": "CONFIRM", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber"}, {"name": "emacsjabber-emacsjabber-symlink(46409)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46409"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:28.303Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/496428"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber"}, {"name": "emacsjabber-emacsjabber-symlink(46409)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46409"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4952", "datePublished": "2008-11-05T14:51:00", "dateReserved": "2008-11-05T00:00:00", "dateUpdated": "2024-08-07T10:31:28.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emacs:emacs-jabber:0.7.91:*:*:*:*:*:*:*", "matchCriteriaId": "B121219F-9175-483E-B52D-AA12D18F5695", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file."}, {"lang": "es", "value": "emacs-jabber de emacs-jabber v0.7.91, permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero temporal /tmp/*.log."}], "id": "CVE-2008-4952", "lastModified": "2024-11-21T00:52:55.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-05T15:00:15.243", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/496428"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/496428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacs-jabber"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46409"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}