CVE-2008-4996

Published: 07 November 2008

** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable."

Priority

Negligible

Status

Package Release Status
initramfs-tools
Launchpad, Ubuntu, Debian 		Upstream Ignored

Notes

AuthorNote
jdstrand 
per upstream, occurs in init, which is a single-user context
mdeslaur 
not exploitable, let's ignore

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading