Vulnerability CVE-2015-7543

Vulnerability Name:

CVE-2015-7543 (CCN-130561)

Assigned:

2015-11-11

Published:

2015-11-11

Updated:

2017-07-31

Summary:

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

CVSS v3 Severity:

7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-362

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2015-7543

Source: CCN
Type: Red Hat Bugzilla Bug 1280543
(CVE-2015-7543) CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1280543

Source: XF
Type: UNKNOWN
arts-cve20157543-sec-bypass(130561)

Source: CCN
Type: Fedora Web site
aRts and kdelibs3

Vulnerable Configuration:

Configuration 1:

cpe:/a:artsproject:arts:1.5.10:*:*:*:*:*:*:*

OR cpe:/a:kde:kdelibs:*:*:*:*:*:*:*:* (Version <= 3.5.10)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20157543	V	CVE-2015-7543	2022-05-20
oval:org.opensuse.security:def:31324	P	Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:34614	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:30158	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:33057	P	Security update for gmp (Moderate)	2021-12-02
oval:org.opensuse.security:def:30262	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:31280	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:33000	P	Security update for java-1_7_0-openjdk (Moderate)	2021-09-09
oval:org.opensuse.security:def:34530	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:35263	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31259	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:34519	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:34518	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:33952	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:30213	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:33663	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:31171	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:33895	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:33889	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:33106	P	Security update for opensc (Moderate)	2021-03-31
oval:org.opensuse.security:def:28960	P	Security update for sudo (Important)	2021-03-24
oval:org.opensuse.security:def:34041	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:31220	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:34413	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:30005	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:36052	P	virt-utils-1.2.1-0.7.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36011	P	pcsc-ccid-1.3.8-3.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32000	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:32393	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:28808	P	Security update for popt	2020-12-01
oval:org.opensuse.security:def:34344	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:32382	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28724	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:34305	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:31039	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32381	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28667	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34256	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:31002	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28582	P	Security update for libssh2	2020-12-01
oval:org.opensuse.security:def:34198	P	Security update for pcsc-lite	2020-12-01
oval:org.opensuse.security:def:30364	P	Security update for wireshark (Low)	2020-12-01
oval:org.opensuse.security:def:28451	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:30320	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28383	P	Security update for rubygem-activesupport-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30301	P	Security update for sudo, sudo-debuginfo, sudo-debugsource	2020-12-01
oval:org.opensuse.security:def:28372	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:28371	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:33799	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:35373	P	Security update for nmap (Important)	2020-12-01
oval:org.opensuse.security:def:35329	P	Security update for microcode_ctl (Moderate)	2020-12-01
oval:org.opensuse.security:def:33580	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:35302	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:33569	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:29919	P	Security update for libevent	2020-12-01
oval:org.opensuse.security:def:33568	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29862	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:35214	P	Recommended update for libical (Moderate)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:29775	P	Security update for gnome-session (Moderate)	2020-12-01
oval:org.opensuse.security:def:35155	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:29643	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:34996	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:29570	P	Security update for SuSEfirewall2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34906	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:29559	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:34849	P	Security update for binutils	2020-12-01
oval:org.opensuse.security:def:28152	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29558	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34750	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28117	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:31115	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27479	P	libreoffice-help-cs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30960	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27435	P	libblkid-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30873	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:27421	P	inkscape on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30816	P	Security update for coreutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:27382	P	cscope on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33850	P	Security update for icu	2020-12-01
oval:org.opensuse.security:def:30726	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27333	P	xorg-x11-libXrender-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33212	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30594	P	Security update for Perl	2020-12-01
oval:org.opensuse.security:def:27280	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33168	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30520	P	Security update for gpg2	2020-12-01
oval:org.opensuse.security:def:27129	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33145	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30509	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:27045	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29837	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30508	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26988	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29801	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29163	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26779	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32844	P	cvs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29119	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26715	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32757	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29102	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:35091	P	Security update for kdelibs3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26704	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32700	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29063	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:35051	P	Security update for IBM Java	2020-12-01
oval:org.opensuse.security:def:26703	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32606	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29014	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32471	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:34369	P	Security update for tiff (Moderate)	2020-12-01
oval:com.ubuntu.trusty:def:20157543000	V	CVE-2015-7543 on Ubuntu 14.04 LTS (trusty) - medium.	2017-07-25
oval:com.ubuntu.precise:def:20157543000	V	CVE-2015-7543 on Ubuntu 12.04 LTS (precise) - medium.	2015-12-09

BACK