Lucene search

K
cve[email protected]CVE-2012-3504
HistoryOct 10, 2012 - 6:55 p.m.

CVE-2012-3504

2012-10-1018:55:02
CWE-264
web.nvd.nist.gov
33
security
vulnerability
nssconfigfound
genkey.pl
crypto-utils
symlink attack
cve-2012-3504

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%

The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the β€œlist” file in the current working directory.

Affected configurations

NVD
Node
fedoraprojectcrypto-utilsMatch2.4.1-34

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%