Lucene search

[email protected]CVE-2015-1200

HistoryJan 23, 2015 - 3:59 p.m.

CVE-2015-1200

2015-01-2315:59:12

CWE-362

[email protected]

web.nvd.nist.gov

cve

race condition

pxz

weak file permissions

local users

access restrictions

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

Affected configurations

NVD

Node

pxz_projectpxzMatch4.999.99beta3

CPENameOperatorVersion
pxz_project:pxzpxz project pxzeq4.999.99

CPE	Name	Operator	Version
pxz_project:pxz	pxz project pxz	eq	4.999.99

References

seclists.org/oss-sec/2015/q1/177

www.securityfocus.com/bid/72101

exchange.xforce.ibmcloud.com/vulnerabilities/100207

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-1200

fedora3 prion1 openvas3 nessus2 ubuntucve1 debiancve1 cvelist1 nvd1