Symlink Vulnerability in Python 2.4.5 FAQ Wizard Tool
CVE-2008-4108

Currently unrated

Key Information:

Vendor: Python Software Foundation
Status: Python
Vendor: CVE Published:; 18 September 2008

🔔 Create Python Software Foundation Vulnerability Alert

What is CVE-2008-4108?

The FAQ Wizard moving tool in Python 2.4.5 is susceptible to a symlink attack, enabling local users to overwrite files via a temporary file located in a potentially untrusted directory. This flaw can lead to unauthorized file modifications, creating significant security risks if exploited properly. Users should ensure their systems are secured against such vulnerabilities by applying appropriate precautions and updates.

References

http://securityreason.com/securityalert/4274

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/31184

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/45161

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2008
Vulnerability Reserved
Sep 15, 2008