CVE-2012-3500

EUVD-2012-3456
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
devscripts_devel_teamdevscripts
𝑥
≤ 2.12.1
devscripts_devel_teamdevscripts
2.12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
devscripts
bookworm
2.23.4+deb12u1
fixed
bullseye
2.21.3+deb11u1
fixed
sid
2.24.2
fixed
trixie
2.24.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
devscripts
hardy
ignored
lucid
Fixed 2.10.61ubuntu5.3
released
natty
Fixed 2.10.69ubuntu2.2
released
oneiric
Fixed 2.11.1ubuntu3.2
released
precise
Fixed 2.11.6ubuntu1.4
released
Common Weakness Enumeration
References
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html
http://secunia.com/advisories/50600
http://www.debian.org/security/2012/dsa-2549
http://www.mandriva.com/security/advisories?name=MDVSA-2013:123
http://www.openwall.com/lists/oss-security/2012/08/31/7
http://www.securityfocus.com/bid/55358
http://www.ubuntu.com/usn/USN-1593-1
https://bugzilla.redhat.com/show_bug.cgi?id=848022
https://exchange.xforce.ibmcloud.com/vulnerabilities/78230
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html
http://secunia.com/advisories/50600
http://www.debian.org/security/2012/dsa-2549
http://www.mandriva.com/security/advisories?name=MDVSA-2013:123
http://www.openwall.com/lists/oss-security/2012/08/31/7
http://www.securityfocus.com/bid/55358
http://www.ubuntu.com/usn/USN-1593-1
https://bugzilla.redhat.com/show_bug.cgi?id=848022
https://exchange.xforce.ibmcloud.com/vulnerabilities/78230
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316