Vulnerability Details : CVE-2012-0054
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.
Products affected by CVE-2012-0054
- cpe:2.3:a:golismero:golismero:0.6.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0054
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0054
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:P |
3.4
|
4.9
|
NIST |
CWE ids for CVE-2012-0054
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0054
-
http://code.google.com/p/golismero/source/detail?r=2b3bb43d68676efd687361f7de29380189031ab8
Google Code Archive - Long-term storage for Google Code Project Hosting.
-
http://www.openwall.com/lists/oss-security/2012/01/17/10
oss-security - Re: CVE-request: golismero symlink vulnerability
-
http://www.openwall.com/lists/oss-security/2012/01/17/7
oss-security - CVE-request: golismero symlink vulnerability
Jump to