init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.
References
Configurations
History
07 Nov 2023, 02:02
Type | Values Removed | Values Added |
---|---|---|
Summary | init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable. |
Information
Published : 2008-11-07 19:36
Updated : 2024-08-07 11:15
NVD link : CVE-2008-4996
Mitre link : CVE-2008-4996
CVE.ORG link : CVE-2008-4996
JSON object : View
Products Affected
debian
- initramfs-tools
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')