Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3355

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2012-3355
Last Modified 07 Sep 2012 12:30:27
Published 17 Jul 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-3355

Summary

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

Vulnerable Systems

Application

  • Gnome Rhythmbox 0.10.0

  • Gnome Rhythmbox 0.10.0.90

  • Gnome Rhythmbox 0.10.1

  • Gnome Rhythmbox 0.11.0

  • Gnome Rhythmbox 0.11.1

  • Gnome Rhythmbox 0.11.2

  • Gnome Rhythmbox 0.11.3

  • Gnome Rhythmbox 0.11.4

  • Gnome Rhythmbox 0.11.5

  • Gnome Rhythmbox 0.11.6

  • Gnome Rhythmbox 0.12.0

  • Gnome Rhythmbox 0.12.1

  • Gnome Rhythmbox 0.12.2

  • Gnome Rhythmbox 0.12.3

  • Gnome Rhythmbox 0.12.4

  • Gnome Rhythmbox 0.12.5

  • Gnome Rhythmbox 0.12.6

  • Gnome Rhythmbox 0.12.7

  • Gnome Rhythmbox 0.12.8

  • Gnome Rhythmbox 0.13.0

  • Gnome Rhythmbox 0.13.1

  • Gnome Rhythmbox 0.13.2

  • Gnome Rhythmbox 0.13.3

  • Gnome Rhythmbox 0.5.0

  • Gnome Rhythmbox 0.5.1

  • Gnome Rhythmbox 0.5.2

  • Gnome Rhythmbox 0.5.3

  • Gnome Rhythmbox 0.5.4

  • Gnome Rhythmbox 0.5.88

  • Gnome Rhythmbox 0.6.0

  • Gnome Rhythmbox 0.6.1

  • Gnome Rhythmbox 0.6.2

  • Gnome Rhythmbox 0.6.3

  • Gnome Rhythmbox 0.6.4

  • Gnome Rhythmbox 0.6.5

  • Gnome Rhythmbox 0.6.6

  • Gnome Rhythmbox 0.6.7

  • Gnome Rhythmbox 0.6.8

  • Gnome Rhythmbox 0.7.0

  • Gnome Rhythmbox 0.7.1

  • Gnome Rhythmbox 0.7.2

  • Gnome Rhythmbox 0.8.0

  • Gnome Rhythmbox 0.8.1

  • Gnome Rhythmbox 0.8.2

  • Gnome Rhythmbox 0.8.3

  • Gnome Rhythmbox 0.8.4

  • Gnome Rhythmbox 0.8.5

  • Gnome Rhythmbox 0.8.6

  • Gnome Rhythmbox 0.8.7

  • Gnome Rhythmbox 0.8.8

  • Gnome Rhythmbox 0.9.0

  • Gnome Rhythmbox 0.9.1

  • Gnome Rhythmbox 0.9.2

  • Gnome Rhythmbox 0.9.3

  • Gnome Rhythmbox 0.9.3.1

  • Gnome Rhythmbox 0.9.4

  • Gnome Rhythmbox 0.9.4.1

  • Gnome Rhythmbox 0.9.5

  • Gnome Rhythmbox 0.9.6

  • Gnome Rhythmbox 0.9.6.90

  • Gnome Rhythmbox 0.9.7

  • Gnome Rhythmbox 0.9.8


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=835076

MISC - https://bugzilla.gnome.org/show_bug.cgi?id=678661

XF - rhythmbox-template-symlink(76538)

UBUNTU - USN-1503-1

BID - 54186

MLIST - [oss-security] 20120625 Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs

MLIST - [oss-security] 20120625 CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs

MISC - http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673

SUSE - openSUSE-SU-2012:0954


Last Updated: 27 May 2016 10:54:54