QwikSec

Security Database

CVE

CWE

Training

CVE-2008-0525

Published: Jan 31, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

patchlinkupdate-reboottask-symlink(39958)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

patchlinkupdate-logtrimmer-symlink(39956)

vdb-entry

x_refsource_XF

http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20080125 Two vulnerabilities for PatchLink Update Client for Unix.

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.