2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.3%
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite
arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg
temporary files.
Author | Note |
---|---|
jdstrand | giving medium priority because this is likely to be run as root |
fujitsu | negligible as the code is commented out and in an example script |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | scanbuttond | < 0.2.3-6 | UNKNOWN |
ubuntu | 8.10 | noarch | scanbuttond | < 0.2.3-6 | UNKNOWN |