Unrated severityNVD Advisory· Published Jan 31, 2008· Updated Apr 23, 2026
CVE-2008-0525
CVE-2008-0525
Description
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
Affected products
18cpe:2.3:a:lumension_security:patchlink_update:6.2:*:linux:*:*:*:*:*+ 8 more
- cpe:2.3:a:lumension_security:patchlink_update:6.2:*:linux:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.2:*:mac:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.2:*:unix:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.3:*:linux:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.3:*:mac:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.3:*:unix:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.4:*:linux:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.4:*:mac:*:*:*:*:*
- cpe:2.3:a:lumension_security:patchlink_update:6.4:*:unix:*:*:*:*:*
cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.2:*:linux:*:*:*:*:*+ 8 more
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.2:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.2:*:mac:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.2:*:unix:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.3:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.3:*:mac:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.3:*:unix:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.4:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.4:*:mac:*:*:*:*:*
- cpe:2.3:a:novell:zenworks_patch_management_update_agent:6.4:*:unix:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- secunia.com/advisories/28657nvdVendor Advisory
- secunia.com/advisories/28665nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0426nvdVendor Advisory
- securityreason.com/securityalert/3599nvd
- support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.phpnvd
- support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.phpnvd
- support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.phpnvd
- www.securityfocus.com/archive/1/487103/100/0/threadednvd
- www.securityfocus.com/bid/27458nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39956nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39958nvd
- secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.htmlnvd
News mentions
0No linked articles in our index yet.