{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2008-10755", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00273.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=210158"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0088"}, {"name": "29144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29144"}, {"name": "29694", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29694"}, {"name": "20080228 rPSA-2008-0088-1 am-utils", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488931/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2255"}, {"name": "29187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29187"}, {"name": "28044", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28044"}, {"name": "GLSA-200804-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-09.xml"}, {"name": "33400", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33400"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.707Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2008-10755", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00273.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=210158"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0088"}, {"name": "29144", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29144"}, {"name": "29694", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29694"}, {"name": "20080228 rPSA-2008-0088-1 am-utils", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488931/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-2255"}, {"name": "29187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29187"}, {"name": "28044", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28044"}, {"name": "GLSA-200804-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-09.xml"}, {"name": "33400", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33400"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1078", "datePublished": "2008-02-29T02:00:00", "dateReserved": "2008-02-28T00:00:00", "dateUpdated": "2024-08-07T08:08:57.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true}, {"criteria": "cpe:2.3:o:rpath:rpath_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "745FEF27-20CE-4508-8373-421092A8C8A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1."}, {"lang": "es", "value": "expn en los paquetes am-utils y net-fs para Gentoo, rPath Linux y otras distribuciones, permite a usuarios locales sobrescribir archivos arbitrarios mediante un ataque de tipo symlink en el archivo temporal expn[PID]. NOTA: este es el mismo problema de CVE-2003-0308.1."}], "id": "CVE-2008-1078", "lastModified": "2023-11-07T02:01:52.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-29T02:44:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=210158"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29144"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29187"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29694"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33400"}, {"source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0088"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-09.xml"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/488931/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/28044"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2255"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00273.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "The risks associated with fixing this bug are greater than the low severity security risk.We therefore currently have no plans to fix this flaw in Red HatEnterprise Linux.\n\nFor more information please see the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=435420", "lastModified": "2008-03-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "am-utils: insecure usage of temporary files", "id": "435420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=435420"}, "csaw": false, "details": ["expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1."], "name": "CVE-2008-1078", "public_date": "2008-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-1078\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1078"], "statement": "The risks associated with fixing this bug are greater than the low severity security risk.We therefore currently have no plans to fix this flaw in Red HatEnterprise Linux.\nFor more information please see the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=435420", "threat_severity": "Low"}