Lucene search

Ubuntu.comUB:CVE-2012-5355

HistoryOct 10, 2012 - 12:00 a.m.

CVE-2012-5355

2012-10-1000:00:00

ubuntu.com

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to
overwrite arbitrary files via a symlink attack on a temporary file with a
predictable name in /tmp.

Bugs

<https://launchpad.net/bugs/1036211>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchxdiagnose< 2.5.2ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	xdiagnose	< 2.5.2ubuntu0.1	UNKNOWN

References

osvdb.org/85882

secunia.com/advisories/50854

bugs.launchpad.net/ubuntu/+source/xdiagnose/+bug/1036211

launchpad.net/bugs/cve/CVE-2012-5355

nvd.nist.gov/vuln/detail/CVE-2012-5355

security-tracker.debian.org/tracker/CVE-2012-5355

ubuntu.com/security/notices/USN-1591-1

www.cve.org/CVERecord?id=CVE-2012-5355

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2012-5355