Executive Summary

Informations
NameCVE-2012-2120First vendor Publication2012-05-18
VendorCveLast vendor Modification2012-05-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score3.3Attack RangeLocal
Cvss Impact Score4.9Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2120

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Internal Sources (Detail)

SourceUrl
MISChttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779
MLISThttp://www.openwall.com/lists/oss-security/2012/04/19/12
http://www.openwall.com/lists/oss-security/2012/04/19/15

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 22:38:24
  • Multiple Updates