File Overwrite Vulnerability in Debian Login for GNU/Linux
CVE-2008-5394

Currently unrated

Key Information:

Vendor: Debian
Status: Shadow
Vendor: CVE Published:; 9 December 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-5394?

A vulnerability exists in the login utility within the shadow package for Debian GNU/Linux that allows local users in the utmp group to exploit a symlink attack. By manipulating a temporary file referenced in a utmp entry, these users can overwrite arbitrary files. This flaw highlights the risks associated with user permissions and file handling in operating system utilities.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-5394 - Proof of Concept

References

http://osvdb.org/52200

vdb-entryx_refsource_OSVDB

http://bugs.debian.org/505271

x_refsource_CONFIRM

http://www.securityfocus.com/bid/32552

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 9, 2008
👾
Exploit known to exist
Dec 9, 2008
Vulnerability published
Dec 9, 2008
Vulnerability Reserved
Dec 8, 2008

CVE-2008-5394 Data

JSON