3.3
CVE-2012-3378
- EPSS 0.31%
- Veröffentlicht 31.08.2012 18:55:02
- Zuletzt bearbeitet 16.06.2026 23:43:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gnome ≫ At-spi2-atk Version2.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.227 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 3.4 | 4.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:P
|
http://www.openwall.com/lists/oss-security/2012/07/05/1
http://www.openwall.com/lists/oss-security/2012/07/06/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026
https://bugzilla.gnome.org/show_bug.cgi?id=678348