CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
EPSS
Percentile
10.1%
scripts/annotate-output.sh in devscripts before 2.12.2, as used in
rpmdevtools before 8.3, allows local users to modify arbitrary files via a
symlink attack on the temporary (1) standard output or (2) standard error
output file.
Author | Note |
---|---|
tyhicks | If TMPDIR is not changed, mitigated by yama in Natty and newer |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | devscripts | < 2.10.61ubuntu5.3 | UNKNOWN |
ubuntu | 11.04 | noarch | devscripts | < 2.10.69ubuntu2.2 | UNKNOWN |
ubuntu | 11.10 | noarch | devscripts | < 2.11.1ubuntu3.2 | UNKNOWN |
ubuntu | 12.04 | noarch | devscripts | < 2.11.6ubuntu1.4 | UNKNOWN |