Launchpad CVE tracker

CVE 2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: http://anonscm.debian....
MISC: http://git.fedorahoste...
MISC: https://wiki.mageia.or...
MISC: http://lists.opensuse....
MISC: https://exchange.xforc...

Launchpad.net

CVE 2012-3500

Related bugs

References