Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0808

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2012-0808
Last Modified 04 Sep 2012 11:21:00
Published 19 Mar 2012 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-0808

Summary

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.

Vulnerable Systems

Application

  • Bdale Garbee As31 2.3.1-4


References

MLIST - [oss-security] 20120124 CVE requests: Suhosin extension / as31

MLIST - [oss-security] 20120124 Re: CVE requests: Suhosin extension / as31

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496

MLIST - [oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi

MLIST - [oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi

MLIST - [oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi


Last Updated: 27 May 2016 10:42:30