{"id":"DEBIAN-CVE-2008-5366","details":"The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.","modified":"2026-04-28T20:10:52.778729Z","published":"2008-12-08T23:30:00.220Z","upstream":["CVE-2008-5366"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-5366"}],"affected":[{"package":{"name":"ppp","ecosystem":"Debian:11","purl":"pkg:deb/debian/ppp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.9-1+1","2.4.9-1+1.1","2.5.0-1+1","2.5.0-1+2","2.5.1-1+1","2.5.1-1+1~exp1","2.5.2-1+1","2.5.2-1+1.1","2.5.2-1+1.2","2.5.2-1+1~exp1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5366.json"}},{"package":{"name":"ppp","ecosystem":"Debian:12","purl":"pkg:deb/debian/ppp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.9-1+1.1","2.5.0-1+1","2.5.0-1+2","2.5.1-1+1","2.5.1-1+1~exp1","2.5.2-1+1","2.5.2-1+1.1","2.5.2-1+1.2","2.5.2-1+1~exp1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5366.json"}},{"package":{"name":"ppp","ecosystem":"Debian:13","purl":"pkg:deb/debian/ppp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.5.2-1+1","2.5.2-1+1.1","2.5.2-1+1.2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5366.json"}},{"package":{"name":"ppp","ecosystem":"Debian:14","purl":"pkg:deb/debian/ppp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.5.2-1+1","2.5.2-1+1.1","2.5.2-1+1.2"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2008-5366.json"}}],"schema_version":"1.7.5"}