CVE-2008-5377

Description

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

How to fix CVE-2008-5377

To remediate CVE-2008-5377, upgrade the affected package to a fixed version below.

• Debian/cups—upgrade to 1.3.8-1lenny1 or later

Is CVE-2008-5377 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.3.8-1lenny1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5377