CVE-2008-5144

nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.debian.org/debian-devel/2008/08/msg00285.html
http://www.securityfocus.com/bid/32411

Configurations

Configuration 1 (hide)

cpe:2.3:a:federico_di_gregorio:nvidia-cg-toolkit:2.0.0015:*:*:*:*:*:*:*

Information

Published : 2008-11-18 08:00

Updated : 2009-02-16 22:53

NVD link : CVE-2008-5144

Mitre link : CVE-2008-5144

JSON object : View

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Products Affected

federico_di_gregorio

nvidia-cg-toolkit

6.9 /10