Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1495

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2013-1495
Last Modified 10 Oct 2013 11:50:21
Published 18 Mar 2013 05:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1495

Summary

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

Vulnerable Systems

Application

  • Oracle Auto Service Request -

  • Oracle Support Tools 4.3.2


References

FULLDISC - 20130301 Oracle Auto Service Request /tmp file clobbering vulnerability

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

MANDRIVA - MDVSA-2013:150


Last Updated: 27 May 2016 11:03:13