CVE-2008-4832

Published: Nov 17, 2008Modified: Apr 23, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.

Affected (2)

Products: Rpath: Initscripts

1 product

Configuration A

2 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Rpath Initscripts	Version 8.12-8.21
Rpath Initscripts	Version 8.56.15-0.1

Running on/with	Platform Versions
Rpath Appliance Platform Linux Service	Version 1
Rpath Appliance Platform Linux Service	Version 2
Rpath Linux	Version 1
Rpath Linux	Version 2

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

http://secunia.com/advisories/32710

Source: cve@mitre.org

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46700

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-2857

Source: cve@mitre.org

http://secunia.com/advisories/32710

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0318

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/46700

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-2857

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.