Описание
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:gentoo:mirrorselect:0.80:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.81:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.82:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.83:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.84:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.85:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.86:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.87:*:*:*:*:*:*:*
cpe:2.3:a:gentoo:mirrorselect:0.88:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.0038
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
EPSS
Процентиль: 59%
0.0038
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other