Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5355

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2012-5355
Last Modified 13 Feb 2013 11:58:01
Published 10 Oct 2012 02:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5355

Summary

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Vulnerable Systems

Application

  • Bryce Harrington Xdiagnose 0.2-0ubuntu2

  • Bryce Harrington Xdiagnose 1.6

  • Bryce Harrington Xdiagnose 1.6.1

  • Bryce Harrington Xdiagnose 2.5


References

MISC - https://bugs.launchpad.net/ubuntu/+source/xdiagnose/+bug/1036211

UBUNTU - USN-1591-1

SECUNIA - 50854

OSVDB - 85882

XF - xdiagnose-welcome-symlink(79475)


Last Updated: 27 May 2016 11:00:58