CVE-2008-3278
HIGHfrysk < 2008-08-05 - Local Privilege Escalation via Insecure RPATH in ELF Binaries
Title source: llmDescription
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2008-3278
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3278
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2008-3278
Scores
CVSS v3
7.8
EPSS
0.0035
EPSS Percentile
26.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (1)
redhat/frysk
< 2008-08-05
Published
Nov 07, 2019
Tracked Since
Feb 18, 2026