Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1200

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2015-1200
Last Modified 26 Jan 2015 08:57:57
Published 23 Jan 2015 10:59:12
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-1200

Summary

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

Vulnerable Systems

Application

  • Pxz Project Pxz 4.999.99


References

XF - pxz-cve20151200-sec-bypass(100207)

BID - 72101

MLIST - [oss-security] 20150118 Re: CVE Request: pxz -- race condition in setting permissions


Last Updated: 27 May 2016 11:07:38