CVE-2008-5312

CVSS 6.9 - MEDIUM
Description

mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.

Affected Products
20
Vendor Product Version
mailscanner mailscanner 4.55.10
mailscanner mailscanner 4.56.8-1
mailscanner mailscanner 4.57.7-1
mailscanner mailscanner 4.58.9-1
mailscanner mailscanner 4.59.4-2
mailscanner mailscanner 4.60.8-1
mailscanner mailscanner 4.61.7-2
mailscanner mailscanner 4.62.9-3
mailscanner mailscanner 4.63.8-1
mailscanner mailscanner 4.64.3-2
mailscanner mailscanner 4.65.3-1
mailscanner mailscanner 4.66.5-3
mailscanner mailscanner 4.67.6-1
mailscanner mailscanner 4.68.8
mailscanner mailscanner 4.68.8-1
mailscanner mailscanner 4.69.9-3
mailscanner mailscanner 4.70.7-1
mailscanner mailscanner 4.71.10-1
mailscanner mailscanner 4.72.5-1
mailscanner mailscanner 4.73.4-2
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
http://secunia.com/advisories/33117
http://www.mailscanner.info/ChangeLog
http://www.openwall.com/lists/oss-security/2008/11...
http://www.securityfocus.com/bid/32557
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
http://secunia.com/advisories/33117
http://www.mailscanner.info/ChangeLog
http://www.openwall.com/lists/oss-security/2008/11...
http://www.securityfocus.com/bid/32557
Weakness Types
CWE-59
CVE Information
CVE ID:
CVE-2008-5312
Published:
2008-12-03
Modified:
2026-04-23
CVSS Score:
6.9
Severity:
MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
Affected Vendors
mailscanner
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL