CVE-2008-0884

Name: CVE-2008-0884
Creator: NVD / NIST
Published: 2008-04-04T00:44:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.36%

Last modified Jun 16, 2026

CVE-2008-0884 is a vulnerability of currently unknown severity. The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.

Metrics

EPSS Probability

0.36%

28.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-732

Affected Software

Vendor	Product	Versions
Redhat	Enterprise Linux	5.0

References

http://rhn.redhat.com/errata/RHSA-2008-0193.htmlThird Party Advisory
http://secunia.com/advisories/29642Broken Link
http://securitytracker.com/id?1019740Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/28557Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=435442Issue Tracking, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41584Third Party Advisory, VDB Entry
http://rhn.redhat.com/errata/RHSA-2008-0193.htmlThird Party Advisory
http://secunia.com/advisories/29642Broken Link
http://securitytracker.com/id?1019740Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/28557Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=435442Issue Tracking, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41584Third Party Advisory, VDB Entry

Timeline

Published: Apr 4, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-0884?

How severe is CVE-2008-0884?

Severity scoring for CVE-2008-0884 is pending analysis. The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.

How do I fix CVE-2008-0884?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-0884?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST