CVE-2012-3500

Published: Oct 1, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0

x_refsource_CONFIRM

MDVSA-2013:123

vendor-advisory

x_refsource_MANDRIVA

rpmdevtools-toctou-symlink(78230)

vdb-entry

x_refsource_XF

55358

vdb-entry

x_refsource_BID

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=848022

x_refsource_MISC

FEDORA-2012-13208

vendor-advisory

x_refsource_FEDORA

DSA-2549

vendor-advisory

x_refsource_DEBIAN

FEDORA-2012-13263

vendor-advisory

x_refsource_FEDORA

http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb

x_refsource_CONFIRM

50600

third-party-advisory

x_refsource_SECUNIA

FEDORA-2012-13234

vendor-advisory

x_refsource_FEDORA

USN-1593-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output

mailing-list

x_refsource_MLIST

openSUSE-SU-2012:1437

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3500

Description

Affected Products

References