File Overwrite Vulnerability in Debian Login for GNU/Linux
CVE-2008-5394

Currently unrated

Key Information:

Vendor: Debian
Status: Shadow
Vendor: CVE Published:; 9 December 2008

What is CVE-2008-5394?

A vulnerability exists in the login utility within the shadow package for Debian GNU/Linux that allows local users in the utmp group to exploit a symlink attack. By manipulating a temporary file referenced in a utmp entry, these users can overwrite arbitrary files. This flaw highlights the risks associated with user permissions and file handling in operating system utilities.

References

http://osvdb.org/52200

vdb-entryx_refsource_OSVDB

http://bugs.debian.org/505271

x_refsource_CONFIRM

http://www.securityfocus.com/bid/32552

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 9, 2008
Vulnerability Reserved
Dec 8, 2008

JSON