CVE-2008-4996

ADVISORY - nist

Summary

init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.

EPSS Score⁠: 0.00108 (0.291)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories

NIST

CREATED

17 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2008-4996⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-59⁠

CVSS SCORE

5.5medium

Debian

CREATED

17 years ago

UPDATED

27 days ago

ADVISORY IDCVE-2008-4996⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

17 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2008-4996⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2008-4996⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY