{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-08-19T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=20ed7b24df05eadf83168d1d0ce0052a31380928"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=e557d1ac3a156ba7521ba44b0b412af4542f83f8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797878"}, {"name": "HPSBGN02970", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:27.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=20ed7b24df05eadf83168d1d0ce0052a31380928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=e557d1ac3a156ba7521ba44b0b412af4542f83f8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797878"}, {"name": "HPSBGN02970", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1088", "datePublished": "2014-02-15T11:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iproute2_project:iproute2:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC20584F-EABF-47C1-82A3-02BCDCAC9B03", "versionEndIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:iproute2_project:iproute2:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DFE2203-B73F-4BEB-AB0E-A71BB9BC19FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:iproute2_project:iproute2:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4561D288-1DD1-4524-BDAE-4829709B3D95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script."}, {"lang": "es", "value": "iproute2 anterior a 3.3.0 permite a usuarios locales sobreescribir archivos arbitrarios a atrav\u00e9s de un ataque symlink en un archivo temporal utilizado por (1) configure o (2) examples/dhcp-client-script."}], "id": "CVE-2012-1088", "lastModified": "2023-02-13T04:32:54.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-15T14:57:07.160", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=20ed7b24df05eadf83168d1d0ce0052a31380928"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=e557d1ac3a156ba7521ba44b0b412af4542f83f8"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797878"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "iproute: multiple insecure temporary file use issues", "id": "797878", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797878"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-377", "details": ["iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script."], "name": "CVE-2012-1088", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "iproute", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1088\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1088"], "statement": "These issues only affect a script used during package build and do not affect binary iproute packages shipped with Red Hat Enterprise Linux. Therefore, they are not planned to be addressed in iproute packages in Red Hat Enterprise Linux 5 and 6, they are only planned to be addressed in the future Red Hat Enterprise Linux versions.", "threat_severity": "Low"}