Executive Summary

Information
Name: MDVSA-2013:123
Vendor: Mandriva
First vendor publication: 2013-04-10
Last vendor modification: 2013-04-10
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)
CVSS base score: 1.2
CVSS impact score: 2.9
CVSS exploit score: 1.9
Attack range: Local
Attack complexity: High
Authentication: None required

Detail

Updated rpmdevtools package fixes a security vulnerability:

A TOCTOU race condition was found in the way the 'annotate-output' tool of rpmdevtools before 8.3 (used to execute a program while annotating its output line by line with time and stream) managed the temporary files it uses for standard output and standard error output. A local attacker could use this flaw to conduct symbolic link attacks, possibly allowing them to alter, without authorization, files belonging to the user running the 'annotate-output' tool (CVE-2012-3500).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:123

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18171
 
Title: USN-1593-1 -- devscripts vulnerabilities
Description: Several security issues were fixed in devscripts.
Family: unix Class: patch
Reference(s): USN-1593-1
CVE-2012-0212
CVE-2012-2240
CVE-2012-2241
CVE-2012-2242
CVE-2012-3500
Version: 9
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Product(s): devscripts
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20054
 
Title: DSA-2549-1 devscripts - multiple
Description: Multiple vulnerabilities have been discovered in devscripts, a set of scripts to make the life of a Debian Package maintainer easier. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them.
Family: unix Class: patch
Reference(s): DSA-2549-1
CVE-2012-2240
CVE-2012-2241
CVE-2012-2242
CVE-2012-3500
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): devscripts
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 99
Application 1

OpenVAS Exploits

Date Description
2012-10-03 Name : Ubuntu Update for devscripts USN-1593-1
File : nvt/gb_ubuntu_USN_1593_1.nasl
2012-09-19 Name : Debian Security Advisory DSA 2549-1 (devscripts)
File : nvt/deb_2549_1.nasl
2012-09-17 Name : Fedora Update for rpmdevtools FEDORA-2012-13234
File : nvt/gb_fedora_2012_13234_rpmdevtools_fc17.nasl
2012-09-17 Name : Fedora Update for rpmdevtools FEDORA-2012-13263
File : nvt/gb_fedora_2012_13263_rpmdevtools_fc16.nasl

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-757.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-123.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1593-1.nasl - Type : ACT_GATHER_INFO
2012-09-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-13208.nasl - Type : ACT_GATHER_INFO
2012-09-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2549.nasl - Type : ACT_GATHER_INFO
2012-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-13234.nasl - Type : ACT_GATHER_INFO
2012-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-13263.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:43:41
  • Multiple Updates
2013-04-10 17:18:28
  • First insertion