Symlink Attack Vulnerability in Website META Language by WML
CVE-2008-0666

Currently unrated

Key Information:

Vendor: Website Meta Language
Status: Website Meta Language
Vendor: CVE Published:; 11 February 2008

🔔 Create Website Meta Language Vulnerability Alert

What is CVE-2008-0666?

The vulnerability in Website META Language 2.0.11 allows local users to exploit symlink attacks, enabling them to overwrite arbitrary files. This occurs through the exposure of temporary files, specifically the /tmp/pe.tmp.$$ file utilized by wml_contrib/wmg.cgi and other temporary files managed by the wml_backend/p3_eperl/eperl_sys.c module. This flaw poses a risk to system integrity, potentially allowing unauthorized access to sensitive information and system functions.

References

http://www.securityfocus.com/bid/27685

vdb-entryx_refsource_BID

http://secunia.com/advisories/29353

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2008/dsa-1492

vendor-advisoryx_refsource_DEBIAN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2008
Vulnerability Reserved
Feb 7, 2008