5.3

CVE-2016-8605

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version23
FedoraprojectFedora Version24
FedoraprojectFedora Version25
GnuGuile Version <= 2.0.12
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.262
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
http://www.openwall.com/lists/oss-security/2016/10/12/1
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/93510
Third Party Advisory
VDB Entry