CVE-2008-1570

Description

Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.

How to fix CVE-2008-1570

To remediate CVE-2008-1570, upgrade the affected package to a fixed version below.

• Debian/policyd-weight—upgrade to 0.1.14.17-1 or later

Is CVE-2008-1570 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.1.14.17-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-1570