{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2008-8379", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "32071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32071"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "31880", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31880"}, {"name": "31241", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31241"}, {"name": "emacspeak-extracttable-symlink(45237)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45237"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak"}, {"name": "FEDORA-2008-8423", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2008-4191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2008-8379", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=460435", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "32071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32071"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "31880", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31880"}, {"name": "31241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31241"}, {"name": "emacspeak-extracttable-symlink(45237)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45237"}, {"name": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak", "refsource": "CONFIRM", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak"}, {"name": "FEDORA-2008-8423", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:34.888Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2008-8379", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "32071", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32071"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "31880", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31880"}, {"name": "31241", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31241"}, {"name": "emacspeak-extracttable-symlink(45237)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45237"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak"}, {"name": "FEDORA-2008-8423", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4191", "datePublished": "2008-09-24T10:00:00", "dateReserved": "2008-09-23T00:00:00", "dateUpdated": "2024-08-07T10:08:34.888Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emacspeak_inc:emacspeak:26.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F6E35E9-FF83-4771-A0DD-49EE727E8171", "vulnerable": true}, {"criteria": "cpe:2.3:a:emacspeak_inc:emacspeak:28.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DB0D342-8EFD-4EEB-B51C-76526406FBC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file."}, {"lang": "es", "value": "extract-table.pl de Emacspeak 26 y 28 permite a usuarios locales sobrescribir archivos de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el archivo temporal extract-table.csv"}], "id": "CVE-2008-4191", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-24T11:42:25.280", "references": [{"source": "[email protected]", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431"}, {"source": "[email protected]", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31880"}, {"source": "[email protected]", "url": "http://secunia.com/advisories/32071"}, {"source": "[email protected]", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/31241"}, {"source": "[email protected]", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "[email protected]", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45237"}, {"source": "[email protected]", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html"}, {"source": "[email protected]", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/emacspeak"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00012.html"}], "sourceIdentifier": "[email protected]", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=460435\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2008-10-17T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "emacspeak: Insecure auxiliary /tmp file usage (symlink attack possible)", "id": "460435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460435"}, "csaw": false, "details": ["extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file."], "name": "CVE-2008-4191", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "emacspeak", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacspeak", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2008-08-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-4191\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-4191"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}