Vulnerability Details CVE-2012-5355
welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.4%
CVSS Severity
CVSS v2 Score 3.3
References
- http://osvdb.org/85882
- http://secunia.com/advisories/50854
- http://www.ubuntu.com/usn/USN-1591-1
- https://bugs.launchpad.net/ubuntu/+source/xdiagnose/+bug/1036211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79475
- http://osvdb.org/85882
- http://secunia.com/advisories/50854
- http://www.ubuntu.com/usn/USN-1591-1
- https://bugs.launchpad.net/ubuntu/+source/xdiagnose/+bug/1036211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79475
Products affected by CVE-2012-5355
-
cpe:2.3:a:bryce_harrington:xdiagnose:*
-
cpe:2.3:a:bryce_harrington:xdiagnose:0.2-0ubuntu2
-
cpe:2.3:a:bryce_harrington:xdiagnose:1.6
-
cpe:2.3:a:bryce_harrington:xdiagnose:1.6.1