QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4976

Published: Nov 6, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://dev.gentoo.org/~rbu/security/debiantemp/ogle-mmx

x_refsource_CONFIRM

[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

mailing-list

x_refsource_MLIST

https://bugs.gentoo.org/show_bug.cgi?id=235770

x_refsource_CONFIRM

http://dev.gentoo.org/~rbu/security/debiantemp/ogle

x_refsource_CONFIRM

http://uvw.ru/report.lenny.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

ogledvdplayer-file-symlink(44832)

vdb-entry

x_refsource_XF

http://bugs.debian.org/496420

x_refsource_CONFIRM

http://bugs.debian.org/496425

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.