Описание
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Ссылки
- Third Party Advisory
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitIssue TrackingPatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitIssue TrackingPatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.5 (исключая)
cpe:2.3:a:clusterlabs:libqb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00032
Низкий
7.1 High
CVSS3
6.6 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
CVSS3: 7.1
ubuntu
больше 6 лет назад
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
CVSS3: 6.5
redhat
почти 7 лет назад
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
CVSS3: 7.1
debian
больше 6 лет назад
libqb before 1.0.5 allows local users to overwrite arbitrary files via ...
EPSS
Процентиль: 9%
0.00032
Низкий
7.1 High
CVSS3
6.6 Medium
CVSS2
Дефекты
CWE-59