Vulnerability Details : CVE-2015-1200
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.
Products affected by CVE-2015-1200
- cpe:2.3:a:pxz_project:pxz:4.999.99:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1200
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1200
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2015-1200
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1200
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/
[SECURITY] Fedora 32 Update: pxz-4.999.9-19.beta.20200421git.fc32 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/
[SECURITY] Fedora 31 Update: pxz-4.999.9-19.beta.20200421git.fc31 - package-announce - Fedora Mailing-Lists
-
http://www.securityfocus.com/bid/72101
pxz Insecure File Permissions Vulnerability
-
http://seclists.org/oss-sec/2015/q1/177
oss-sec: Re: CVE Request: pxz -- race condition in setting permissions
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/
[SECURITY] Fedora 30 Update: pxz-4.999.9-19.beta.20200421git.fc30 - package-announce - Fedora Mailing-Lists
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100207
pxz security bypass CVE-2015-1200 Vulnerability Report
Jump to