Lucene search

[email protected]CVE-2015-4156

HistoryJun 02, 2015 - 2:59 p.m.

CVE-2015-4156

2015-06-0214:59:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2015-4156

gnu parallel

symlink attack

security vulnerability

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
gnu:parallelgnu parallelle20150322

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
gnu:parallel	gnu parallel	le	20150322

References

lists.gnu.org/archive/html/parallel/2015-04/msg00045.html

lists.gnu.org/archive/html/parallel/2015-05/msg00024.html

lists.opensuse.org/opensuse-updates/2015-05/msg00090.html

www.securityfocus.com/bid/74961

6.5 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-4156

cvelist1 prion1 debiancve1 ubuntucve1