VDB
CVE-2008-4959
CVE-2008-4959
PUBLISHED
CVSS 6.900000095367432 MEDIUM
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
EPSS 0.06% · 18.8th percentile
Risk Scores
CVSS 2.0
6.900000095367432
EPSS Score
0.06%
18.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gpsdrive | gpsdrive-scripts | 2.10 |
Timeline
- Nov 5, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- gpsdrive-geocode-symlink(44759) vdb
- FEDORA-2009-1366 vendor-advisory
- [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire mailing-list
- https://bugs.gentoo.org/show_bug.cgi?id=235770 url
- http://bugs.debian.org/496436 url
- 30905 vdb
- http://uvw.ru/report.lenny.txt url
- http://dev.gentoo.org/~rbu/security/debiantemp/gpsdrive-scripts url
- 31694 third-party-advisory
- 33825 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-4959 advisory