CVE-2012-1093 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Affected Products (NVD)

Vendor	Product	Version
debian	x11-common	𝑥 < 1\:7.6\+12
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xorg

bookworm	1:7.7+23 fixed
bullseye	1:7.7+22 fixed
sid	1:7.7+23.1 fixed
squeeze	no-dsa
trixie	1:7.7+23.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xorg

artful	ignored
bionic	not-affected
cosmic	ignored
disco	ignored
eoan	ignored
focal	not-affected
groovy	ignored
hardy	ignored
hirsute	ignored
impish	ignored
jammy	not-affected
kinetic	not-affected
lucid	ignored
maverick	ignored
natty	ignored
oneiric	ignored
precise	ignored
quantal	ignored
raring	ignored
saucy	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	ignored
zesty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://vladz.devzero.fr/012_x11-common-vuln.html

http://www.openwall.com/lists/oss-security/2012/02/29/1

http://www.openwall.com/lists/oss-security/2012/03/01/1

https://access.redhat.com/security/cve/cve-2012-1093

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://security-tracker.debian.org/tracker/CVE-2012-1093

http://vladz.devzero.fr/012_x11-common-vuln.html

http://www.openwall.com/lists/oss-security/2012/02/29/1

http://www.openwall.com/lists/oss-security/2012/03/01/1

https://access.redhat.com/security/cve/cve-2012-1093

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

https://security-tracker.debian.org/tracker/CVE-2012-1093