Описание
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
Ссылки
- Broken LinkThird Party Advisory
- Third Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5 (исключая)
Одно из
cpe:2.3:a:mathopd:mathopd:*:*:*:*:*:*:*:*
cpe:2.3:a:mathopd:mathopd:1.6:-:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00037
Низкий
5.5 Medium
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 5.5
debian
больше 20 лет назад
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1. ...
CVSS3: 5.5
github
больше 3 лет назад
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
EPSS
Процентиль: 10%
0.00037
Низкий
5.5 Medium
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-59