Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2008-5144

Improper Link Resolution Before File Access ('Link Following')

Published: Nov 18, 2008 | Modified: Feb 17, 2009
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
NEGLIGIBLE
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2008-5144
CWEhttps://cwe.mitre.org/data/definitions/59.html

nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Nvidia-cg-toolkit Federico_di_gregorio 2.0.0015 (including) 2.0.0015 (including)
Nvidia-cg-toolkit Ubuntu artful *
Nvidia-cg-toolkit Ubuntu bionic *
Nvidia-cg-toolkit Ubuntu cosmic *
Nvidia-cg-toolkit Ubuntu devel *
Nvidia-cg-toolkit Ubuntu disco *
Nvidia-cg-toolkit Ubuntu eoan *
Nvidia-cg-toolkit Ubuntu esm-apps/bionic *
Nvidia-cg-toolkit Ubuntu esm-apps/focal *
Nvidia-cg-toolkit Ubuntu esm-apps/jammy *
Nvidia-cg-toolkit Ubuntu esm-apps/noble *
Nvidia-cg-toolkit Ubuntu esm-apps/xenial *
Nvidia-cg-toolkit Ubuntu focal *
Nvidia-cg-toolkit Ubuntu groovy *
Nvidia-cg-toolkit Ubuntu gutsy *
Nvidia-cg-toolkit Ubuntu hardy *
Nvidia-cg-toolkit Ubuntu hirsute *
Nvidia-cg-toolkit Ubuntu impish *
Nvidia-cg-toolkit Ubuntu intrepid *
Nvidia-cg-toolkit Ubuntu jammy *
Nvidia-cg-toolkit Ubuntu jaunty *
Nvidia-cg-toolkit Ubuntu karmic *
Nvidia-cg-toolkit Ubuntu kinetic *
Nvidia-cg-toolkit Ubuntu lucid *
Nvidia-cg-toolkit Ubuntu lunar *
Nvidia-cg-toolkit Ubuntu mantic *
Nvidia-cg-toolkit Ubuntu maverick *
Nvidia-cg-toolkit Ubuntu natty *
Nvidia-cg-toolkit Ubuntu noble *
Nvidia-cg-toolkit Ubuntu oneiric *
Nvidia-cg-toolkit Ubuntu oracular *
Nvidia-cg-toolkit Ubuntu precise *
Nvidia-cg-toolkit Ubuntu quantal *
Nvidia-cg-toolkit Ubuntu raring *
Nvidia-cg-toolkit Ubuntu saucy *
Nvidia-cg-toolkit Ubuntu trusty *
Nvidia-cg-toolkit Ubuntu utopic *
Nvidia-cg-toolkit Ubuntu vivid *
Nvidia-cg-toolkit Ubuntu wily *
Nvidia-cg-toolkit Ubuntu xenial *
Nvidia-cg-toolkit Ubuntu yakkety *
Nvidia-cg-toolkit Ubuntu zesty *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use