Lucene search

MitreCVE-2015-1200

HistoryJan 23, 2015 - 3:59 p.m.

CVE-2015-1200

2015-01-2315:59:12

CWE-362

mitre

web.nvd.nist.gov

cve

race condition

pxz

weak file permissions

local users

access restrictions

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

Affected configurations

Nvd

Node

pxz_projectpxzMatch4.999.99beta3

VendorProductVersionCPE
pxz_projectpxz4.999.99cpe:2.3:a:pxz_project:pxz:4.999.99:beta3:*:*:*:*:*:*

Vendor	Product	Version	CPE
pxz_project	pxz	4.999.99	cpe:2.3:a:pxz_project:pxz:4.999.99:beta3::::::

References

seclists.org/oss-sec/2015/q1/177

www.securityfocus.com/bid/72101

exchange.xforce.ibmcloud.com/vulnerabilities/100207

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-1200