CVE-2015-3436

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3436
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

6.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html
http://www.securityfocus.com/bid/75104
https://jira.zarafa.com/browse/ZCP-13282
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zarafa:zarafa_collaboration_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:zarafa:zarafa_collaboration_platform:7.2.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-06-09 14:59

Updated : 2016-12-06 03:00

NVD link : CVE-2015-3436

Mitre link : CVE-2015-3436

CVE.ORG link : CVE-2015-3436

JSON object : View

Products Affected

zarafa

  • zarafa_collaboration_platform
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')