CVE-2008-5135
os-prober 1.17 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
Title source: llmDescription
os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://lists.debian.org/debian-devel/2008/08/msg00296.html
Mailing List mailing-list
x_refsource_mlist
http://lists.debian.org/debian-devel/2008/08/msg00285.html
Scores
EPSS
0.0037
EPSS Percentile
28.5%
Details
CWE
CWE-59
Status
published
Products (1)
debian/os-prober
1.17
Published
Nov 18, 2008
Tracked Since
Feb 18, 2026