Lucene search

PRIOn knowledge basePRION:CVE-2013-3368

HistoryAug 23, 2013 - 4:55 p.m.

Design/Logic Flaw

2013-08-2316:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

CPENameOperatorVersion
rteq4.0.12
rteq4.0.0 rc4
rteq4.0.9
rteq4.0.11
rteq4.0.3
rteq4.0.0 rc7
rteq4.0.8
rteq4.0.1
rteq4.0.0 rc3
rteq4.0.0 rc8

Name	Operator	Version
rt	eq	4.0.12
rt	eq	4.0.0 rc4
rt	eq	4.0.9
rt	eq	4.0.11
rt	eq	4.0.3
rt	eq	4.0.0 rc7
rt	eq	4.0.8
rt	eq	4.0.1
rt	eq	4.0.0 rc3
rt	eq	4.0.0 rc8

Rows per page:

1-10 of 771

References

lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

secunia.com/advisories/53505

secunia.com/advisories/53522

www.debian.org/security/2012/dsa-2670

www.osvdb.org/93612