Strix
26.1K

CVE-2008-4953

UnknownEPSS 0.30%

Last modified

CVE-2008-4953 is a vulnerability of currently unknown severity. firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Metrics

EPSS Probability
0.30%

21.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
FireholFirehol1.256

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-4953?
firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.
How severe is CVE-2008-4953?
Severity scoring for CVE-2008-4953 is pending analysis. The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.
How do I fix CVE-2008-4953?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-4953?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST