Vulnerabilities > CVE-2008-3278 - Insecure Default Initialization of Resource vulnerability in Redhat Frysk 20080805
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 1 |
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/security/cve/cve-2008-3278
- https://access.redhat.com/security/cve/cve-2008-3278
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3278
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3278
- https://security-tracker.debian.org/tracker/CVE-2008-3278
- https://security-tracker.debian.org/tracker/CVE-2008-3278