Vulnerabilities > CVE-2008-3278 - Insecure Default Initialization of Resource vulnerability in Redhat Frysk 20080805

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

redhat

CWE-1188

NVD

Published: 2019-11-07

Updated: 2019-11-13

Summary

frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Frysk - Redhat Frysk 2008-08-05	2
OS	Redhat Redhat Enterprise Linux 5.0	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://access.redhat.com/security/cve/cve-2008-3278
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3278
https://security-tracker.debian.org/tracker/CVE-2008-3278