Local File Overwrite Vulnerability in dpkg-cross by the Debian Project
CVE-2008-4950

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg-cross
Vendor: CVE Published:; 5 November 2008

Summary

The dpkg-cross tool version 2.3.0 contains a vulnerability that allows local users to overwrite arbitrary files through a symlink attack on the temporary log file created during its operation. This issue arises when the tool improperly handles temporary file creation, leading to the risk of unauthorized file modification. Although the vendor has disputed the existence of this vulnerability, highlighting that it operates in controlled environments, the technical implications underscore a potential risk for file integrity in specific usage scenarios.

References

http://dev.gentoo.org/~rbu/security/debiantemp/dpkg-cross

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2008/10/30/2

mailing-listx_refsource_MLIST

https://bugs.gentoo.org/show_bug.cgi?id=235770

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 5, 2008