Lucene search

[email protected]CVE-2012-3453

HistoryAug 07, 2012 - 8:55 p.m.

CVE-2012-3453

2012-08-0720:55:00

CWE-264

[email protected]

web.nvd.nist.gov

logol

1.5.0

world writable permissions

local file manipulation

cve-2012-3453

nvd

6.6 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.

CPENameOperatorVersion
debian:logoldebian logoleq1.5.0

CPE	Name	Operator	Version
debian:logol	debian logol	eq	1.5.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=683647

www.openwall.com/lists/oss-security/2012/08/03/8

www.securityfocus.com/bid/54802

6.6 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2012-3453

ubuntucve1 cvelist1 prion1 debiancve1