CVE-2008-4955

Publication date 5 November 2008

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.

Read the notes from the security team

Status

Package Ubuntu Release Status
freevo 9.10 karmic Ignored
9.04 jaunty Ignored
8.10 intrepid Ignored
8.04 LTS hardy Not in release
7.10 gutsy Not in release
6.06 LTS dapper Not in release

Notes

mdeslaur

can't be exploited, ignore

References

Other references

Access our resources on patching vulnerabilities