CVE-2008-4474
 
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_radacct.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-10-07 CVE Reserved
- 2008-10-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 | X_refsource_confirm | |
http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin | X_refsource_confirm | |
http://lists.debian.org/debian-devel/2008/08/msg00271.html | Mailing List | |
http://secunia.com/advisories/32170 | Third Party Advisory | |
http://secunia.com/advisories/33151 | Third Party Advisory | |
http://uvw.ru/report.lenny.txt | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2008/10/30/2 | Mailing List | |
http://www.securityfocus.com/bid/30901 | Vdb Entry | |
https://bugs.gentoo.org/show_bug.cgi?id=235770 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html | 2009-02-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freeradius Search vendor "Freeradius" | Freeradius Search vendor "Freeradius" for product "Freeradius" | 2.0.4 Search vendor "Freeradius" for product "Freeradius" and version "2.0.4" | - |
Affected
|