Security Database IT Watching - Alert Detail

SECURITY DATABASE

SDCON :

(Medium)

INTERNAL RELATED (Quick)

Related
USN-707-1	(High)

OTHER

Report an error

OPEN STANDARDS

INFORMATION

Name	:	CVE-2008-5377	First Publication	:	2008-12-08
Severity	:	Medium	Last Modification	:	2009-01-06

SCORING CVSS v2

Cvss Base Score	:	6.9	Attack Range	:	Local
Cvss Impact Score	:	10	Attack Complexity	:	Medium
Cvss Expoit Score	:	3.4	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-59 - Improper Link Resolution Before File Access ('Link Following') (From NVD)

CPE COMMON PLATEFORM ENUMERATION (from NVD)

Application : Apple Cups
- cpe:/a:apple:cups:1.3.8

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

50637 : CUPS pstopdf /tmp/pstopdf.log Temporary File Symlink Arbitrary File Overwrite.

SECONDARY(S) SOURCE(S)

Source : MILW0RM
Url : http://www.milw0rm.com/exploits/7550

Source : MISC
Url : http://uvw.ru/report.sid.txt

Source : MLIST
Url : http://lists.debian.org/debian-devel/2008/08/msg00347.html