CVE - CVE-2012-3500

CVE-ID
CVE-2012-3500	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output URL:http://www.openwall.com/lists/oss-security/2012/08/31/7 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=848022 CONFIRM:http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0 CONFIRM:http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb CONFIRM:https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316 DEBIAN:DSA-2549 URL:http://www.debian.org/security/2012/dsa-2549 FEDORA:FEDORA-2012-13208 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html FEDORA:FEDORA-2012-13234 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html FEDORA:FEDORA-2012-13263 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html MANDRIVA:MDVSA-2013:123 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:123 SUSE:openSUSE-SU-2012:1437 URL:http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html UBUNTU:USN-1593-1 URL:http://www.ubuntu.com/usn/USN-1593-1 BID:55358 URL:http://www.securityfocus.com/bid/55358 SECUNIA:50600 URL:http://secunia.com/advisories/50600 XF:rpmdevtools-toctou-symlink(78230) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78230
Assigning CNA
N/A
Date Entry Created
20120614	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120614)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org