OpenCVE

ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Ibackup

Configuration 1 [-]

cpe:2.3:a:gnu:ibackup:2.27:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464
http://dev.gentoo.org/~rbu/security/debiantemp/ibackup
http://lists.debian.org/debian-devel/2008/08/msg00271.html
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/45852

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-07T21:00:00

Updated: 2024-08-07T10:17:09.682Z

Reserved: 2008-10-07T00:00:00

Link: CVE-2008-4475

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-07T21:11:38.527

Modified: 2024-11-21T00:51:46.073

Link: CVE-2008-4475

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432"}, {"name": "ibackup-unspecified-symlink(45852)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45852"}, {"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4475", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464"}, {"name": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup", "refsource": "CONFIRM", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432"}, {"name": "ibackup-unspecified-symlink(45852)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45852"}, {"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "refsource": "MLIST", "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.682Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432"}, {"name": "ibackup-unspecified-symlink(45852)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45852"}, {"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4475", "datePublished": "2008-10-07T21:00:00", "dateReserved": "2008-10-07T00:00:00", "dateUpdated": "2024-08-07T10:17:09.682Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:ibackup:2.27:*:*:*:*:*:*:*", "matchCriteriaId": "69CD36E6-10A4-45BD-8925-162983089ED3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files."}, {"lang": "es", "value": "ibackup 2.27 permite a los usuarios locales sobrescribir arbitrariamente archivos a trav\u00e9s de un ataque de enlaces simb\u00f3licos en un fichero temporal no especificado."}], "id": "CVE-2008-4475", "lastModified": "2024-11-21T00:51:46.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-07T21:11:38.527", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432"}, {"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464"}, {"source": "cve@mitre.org", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup"}, {"source": "cve@mitre.org", "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/ibackup"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45852"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}