CVE-2012-2093

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-2093
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://hg.gajim.org/gajim/rev/f046e4aaf7d4
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
http://secunia.com/advisories/48695 Vendor Advisory
http://secunia.com/advisories/48794
http://security.gentoo.org/glsa/glsa-201208-04.xml
http://www.openwall.com/lists/oss-security/2012/04/10/15
http://www.openwall.com/lists/oss-security/2012/04/10/6
http://www.securityfocus.com/bid/53017
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
https://trac.gajim.org/changeset/13759/src/common/latex.py
http://hg.gajim.org/gajim/rev/f046e4aaf7d4
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
http://secunia.com/advisories/48695 Vendor Advisory
http://secunia.com/advisories/48794
http://security.gentoo.org/glsa/glsa-201208-04.xml
http://www.openwall.com/lists/oss-security/2012/04/10/15
http://www.openwall.com/lists/oss-security/2012/04/10/6
http://www.securityfocus.com/bid/53017
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
https://trac.gajim.org/changeset/13759/src/common/latex.py
Configurations

Configuration 1 (hide)

cpe:2.3:a:gajim:gajim:0.15:*:*:*:*:*:*:*
History

21 Nov 2024, 01:38

Type Values Removed Values Added
References () http://hg.gajim.org/gajim/rev/f046e4aaf7d4 - () http://hg.gajim.org/gajim/rev/f046e4aaf7d4 -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html -
References () http://secunia.com/advisories/48695 - Vendor Advisory () http://secunia.com/advisories/48695 - Vendor Advisory
References () http://secunia.com/advisories/48794 - () http://secunia.com/advisories/48794 -
References () http://security.gentoo.org/glsa/glsa-201208-04.xml - () http://security.gentoo.org/glsa/glsa-201208-04.xml -
References () http://www.openwall.com/lists/oss-security/2012/04/10/15 - () http://www.openwall.com/lists/oss-security/2012/04/10/15 -
References () http://www.openwall.com/lists/oss-security/2012/04/10/6 - () http://www.openwall.com/lists/oss-security/2012/04/10/6 -
References () http://www.securityfocus.com/bid/53017 - () http://www.securityfocus.com/bid/53017 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/74869 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/74869 -
References () https://trac.gajim.org/changeset/13759/src/common/latex.py - () https://trac.gajim.org/changeset/13759/src/common/latex.py -
Information

Published : 2012-05-18 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-2093

Mitre link : CVE-2012-2093

CVE.ORG link : CVE-2012-2093

JSON object : View

Products Affected

gajim

  • gajim
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')