CVE-2008-5135

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2008-5135

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-5135.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-5135

Downstream

BELL-CVE-2008-5135

DEBIAN-CVE-2008-5135

Published

2008-11-18T16:00:01Z

Modified

2026-04-10T03:40:20.333604Z

Summary

[none]

Details

os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.

Database specific

{
    "isDisputed": true
}

References

http://lists.debian.org/debian-devel/2008/08/msg00285.html
http://lists.debian.org/debian-devel/2008/08/msg00296.html

CVE-2008-5135

Affected packages