CVE Daily

CVE-2008-5007

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite o...

Medium CVSS 6.9

Overview

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

CWE: CWE-59 Published: 2008-11-10T14:12:56.200
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.9 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags