CVE-2008-5135

Publication date 18 November 2008

Last updated 4 August 2025

Ubuntu priority

Description

os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
os-prober	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

upstream disputes this, let's ignore

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5135