CVE-2008-3278
First published: Thu Jun 12 2008(Updated: )
frysk packages as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of the multiple binaries shipped in the package. This issue can possibly be exploited by a local attacker to run arbitrary code as some other user if victim user can be convinced to run one of the affected frysk commands in an attacker controlled directory with specially crafted content. Affected binaries: /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) RPATH: @RPATH@
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/frysk | ||
| Redhat Frysk | <=2008-08-05 | |
| Redhat Enterprise Linux | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2008-3278
- https://access.redhat.com/security/cve/cve-2008-3278
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3278
- https://www.cve.org/CVERecord?id=CVE-2008-3278 https://nvd.nist.gov/vuln/detail/CVE-2008-3278
- https://bugzilla.redhat.com/show_bug.cgi?id=457939
- collector/nvd-historical
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2008-3278
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat frysk
- version/redhat frysk/2008-08-05
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- package-manager/debian