Vulnerability Name: | CVE-2011-0012 (CCN-66776) | ||||||||||||||||
Assigned: | 2010-12-07 | ||||||||||||||||
Published: | 2011-04-07 | ||||||||||||||||
Updated: | 2011-04-18 | ||||||||||||||||
Summary: | The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | ||||||||||||||||
CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||||||||||
CVSS v2 Severity: | 3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P) 2.9 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
1.8 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||||||||||
Vulnerability Type: | CWE-59 | ||||||||||||||||
Vulnerability Consequences: | File Manipulation | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2011-0012 Source: CCN Type: RHSA-2011-0426 Moderate: spice-xpi security update Source: CCN Type: OSVDB ID: 73424 SPICE Plugin for Mozilla Firefox usbrdrctl Log File Symlink Arbitrary File Overwrite Source: REDHAT Type: UNKNOWN RHSA-2011:0426 Source: BID Type: UNKNOWN 47269 Source: CCN Type: BID-47269 spice-xpi Multiple Security Vulnerabilities Source: SECTRACK Type: UNKNOWN 1025304 Source: VUPEN Type: Vendor Advisory ADV-2011-0899 Source: CCN Type: Red Hat Bugzilla Bug 639869 (CVE-2011-0012) CVE-2011-0012 spice-xpi: symlink attack on usbrdrctl log file Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=639869 Source: XF Type: UNKNOWN spicexpi-unspecified-symlink(66776) Source: CCN Type: RHSA-2011:0426-1 Security Advisory Moderate: spice-xpi security update | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: ![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |