Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 1.2
CVE Id: CVE-2012-3500
Last Modified: 11 Feb 2014 11:38:02
Published: 30 Sep 2012 08:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2012-3500

Summary

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

Vulnerable Systems

Application

  • Devscripts Devel Team Devscripts 2.12.0

  • Devscripts Devel Team Devscripts 2.12.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=848022

BID - 55358

MLIST - [oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output

DEBIAN - DSA-2549

SECUNIA - 50600

FEDORA - FEDORA-2012-13208

FEDORA - FEDORA-2012-13263

FEDORA - FEDORA-2012-13234

CONFIRM - http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb

CONFIRM - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0

UBUNTU - USN-1593-1

SUSE - openSUSE-SU-2012:1437

XF - rpmdevtools-toctou-symlink(78230)

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316

MANDRIVA - MDVSA-2013:123


Last Updated: 27 May 2016 11:00:50