PRIOn knowledge basePRION:CVE-2012-3355Directory traversal
7.4 High
AI Score
Confidence
Low
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.4%
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
www.openwall.com/lists/oss-security/2012/06/25/5
www.openwall.com/lists/oss-security/2012/06/25/7
www.securityfocus.com/bid/54186
www.ubuntu.com/usn/USN-1503-1
bugzilla.gnome.org/show_bug.cgi?id=678661
bugzilla.redhat.com/show_bug.cgi?id=835076
exchange.xforce.ibmcloud.com/vulnerabilities/76538
hermes.opensuse.org/messages/15351848
Related
7.4 High
AI Score
Confidence
Low
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.4%