Vulnerability CVE-2012-1088
Published: 2014-02-15

Description:
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
4.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Shemminger -> Iproute2 
Iproute2 project -> Iproute2 

 References:
http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=commit;h=20ed7b24df05eadf83168d1d0ce0052a31380928
http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=commit;h=e557d1ac3a156ba7521ba44b0b412af4542f83f8
http://marc.info/?l=bugtraq&m=139447903326211&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=797878
Copyright 2024, cxsecurity.com

 

Back to Top