6.9
CVE-2008-5312
- EPSS 0.02%
- Veröffentlicht 03.12.2008 17:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginmailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mailscanner ≫ Mailscanner Version4.55.10
Mailscanner ≫ Mailscanner Version4.56.8-1
Mailscanner ≫ Mailscanner Version4.57.7-1
Mailscanner ≫ Mailscanner Version4.58.9-1
Mailscanner ≫ Mailscanner Version4.59.4-2
Mailscanner ≫ Mailscanner Version4.60.8-1
Mailscanner ≫ Mailscanner Version4.61.7-2
Mailscanner ≫ Mailscanner Version4.62.9-3
Mailscanner ≫ Mailscanner Version4.63.8-1
Mailscanner ≫ Mailscanner Version4.64.3-2
Mailscanner ≫ Mailscanner Version4.65.3-1
Mailscanner ≫ Mailscanner Version4.66.5-3
Mailscanner ≫ Mailscanner Version4.67.6-1
Mailscanner ≫ Mailscanner Version4.68.8
Mailscanner ≫ Mailscanner Version4.68.8-1
Mailscanner ≫ Mailscanner Version4.69.9-3
Mailscanner ≫ Mailscanner Version4.70.7-1
Mailscanner ≫ Mailscanner Version4.71.10-1
Mailscanner ≫ Mailscanner Version4.72.5-1
Mailscanner ≫ Mailscanner Version4.73.4-2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.