CVE-2012-0808

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496
http://www.openwall.com/lists/oss-security/2012/01/24/11
http://www.openwall.com/lists/oss-security/2012/01/24/7
http://www.openwall.com/lists/oss-security/2012/07/05/1
http://www.openwall.com/lists/oss-security/2012/07/06/3
http://www.openwall.com/lists/oss-security/2012/08/31/9

Configurations

Configuration 1 (hide)

cpe:2.3:a:bdale_garbee:as31:2.3.1-4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-03-19 19:55

Updated : 2012-09-05 03:21

NVD link : CVE-2012-0808

Mitre link : CVE-2012-0808

CVE.ORG link : CVE-2012-0808

JSON object : View

Products Affected

bdale_garbee

as31

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

3.6 /10