CVE-2008-4955

Name: CVE-2008-4955
Description: freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)
Debian Bugs: 496373

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| freevo (PTS) | jessie | 1.9.2b2-4.2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| freevo | source | (unstable) | (unfixed) | unimportant | | 496373 |

Notes

Only exploitable when modifying script by hand
