Vulnerability in Rpath Appliance_platform_linux_service

CVE-2008-4832

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an i…

EPSS: 0.003 (19.8th percentile) — read the EPSS interpretation.

Affected products

Rpath Appliance_platform_linux_service — versions 1, 2
Rpath Initscripts — versions 8.12-8.21, 8.56.15-0.1
Rpath Linux — versions 1, 2
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)