CVE-2008-4832 - OpenCVE

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rpath	Appliance Platform Linux Service Initscripts Linux

Configuration 1 [-]

AND

OR	cpe:2.3:a:rpath:initscripts:8.12-8.21:::::::*
	cpe:2.3:a:rpath:initscripts:8.56.15-0.1:::::::*

OR	cpe:2.3:o:rpath:appliance_platform_linux_service:1:::::::*
	cpe:2.3:o:rpath:appliance_platform_linux_service:2:::::::*
	cpe:2.3:o:rpath:linux:1:::::::*
	cpe:2.3:o:rpath:linux:2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32710
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318
https://exchange.xforce.ibmcloud.com/vulnerabilities/46700
https://issues.rpath.com/browse/RPL-2857

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-17T23:00:00

Updated: 2024-08-07T10:31:27.842Z

Reserved: 2008-10-31T00:00:00

Link: CVE-2008-4832

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-11-17T23:30:00.467

Modified: 2017-08-08T01:32:57.563

Link: CVE-2008-4832

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32710", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32710"}, {"name": "rpath-initscripts-rcsysinit-symlink(46700)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2857"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4832", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32710", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32710"}, {"name": "rpath-initscripts-rcsysinit-symlink(46700)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700"}, {"name": "https://issues.rpath.com/browse/RPL-2857", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2857"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:27.842Z"}, "title": "CVE Program Container", "references": [{"name": "32710", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32710"}, {"name": "rpath-initscripts-rcsysinit-symlink(46700)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-2857"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4832", "datePublished": "2008-11-17T23:00:00", "dateReserved": "2008-10-31T00:00:00", "dateUpdated": "2024-08-07T10:31:27.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rpath:initscripts:8.12-8.21:*:*:*:*:*:*:*", "matchCriteriaId": "332AE477-DD2E-4012-9DFD-EC9A2FD5294C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rpath:initscripts:8.56.15-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6887AA0A-EF95-4723-B059-C098935C60CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:1:*:*:*:*:*:*:*", "matchCriteriaId": "23EA5FFA-702B-49D1-AF5F-518DE7FA6099", "vulnerable": false}, {"criteria": "cpe:2.3:o:rpath:appliance_platform_linux_service:2:*:*:*:*:*:*:*", "matchCriteriaId": "55F9B489-0F83-4812-A2CA-A7607E7BCEAA", "vulnerable": false}, {"criteria": "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*", "matchCriteriaId": "A2B66383-4124-4579-BC8E-36DBE7ABB543", "vulnerable": false}, {"criteria": "cpe:2.3:o:rpath:linux:2:*:*:*:*:*:*:*", "matchCriteriaId": "48D2FD6E-C9C1-4DF0-9F01-E869FA97B153", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time."}, {"lang": "es", "value": "rc.sysinit en el paquete initscripts en sus versiones 8.12-8.21 y 8.56.15-0.1 de rPath permite a usuarios locales borrar archivos arbitrarios a trav\u00e9s de un ataque de seguimiento de enlace simb\u00f3licos sobre un directorio bajo (1) /var/lock o (2) /var/run. NOTA: Este problema existe debido a una condici\u00f3n de carrera en una incorrecta soluci\u00f3n a la vulnerabilidad CVE-2008-3524. NOTA: La explotaci\u00f3n podr\u00e1 exigir un escenario inusual en el que se ejecuta rc.sysinit en un momento distinto al arranque del sistema."}], "id": "CVE-2008-4832", "lastModified": "2017-08-08T01:32:57.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-17T23:30:00.467", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32710"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46700"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-2857"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}