exploitDog

CVE-2008-4832

Опубликовано: 17 нояб. 2008

Источник: nvd

CVSS2: 6.9

EPSS Низкий

Описание

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:rpath:initscripts:8.12-8.21:*:*:*:*:*:*:*

cpe:2.3:a:rpath:initscripts:8.56.15-0.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:rpath:appliance_platform_linux_service:1:*:*:*:*:*:*:*

cpe:2.3:o:rpath:appliance_platform_linux_service:2:*:*:*:*:*:*:*

cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*

cpe:2.3:o:rpath:linux:2:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.0002

Низкий

6.9 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-hh9c-wjp6-58h4

github

больше 3 лет назад

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

EPSS

Процентиль: 5%

0.0002

Низкий

6.9 Medium

CVSS2

Дефекты

CWE-59