CVE-2012-1093 - OpenCVE

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux X11-common

Configuration 1 [-]

OR	cpe:2.3:a:debian:x11-common::::::::
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

No data.

References

Link	Providers
http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-21T18:05:01

Updated: 2024-08-06T18:45:27.483Z

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1093

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-21T19:15:11.150

Modified: 2023-11-07T02:10:12.693

Link: CVE-2012-1093

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "x11-common", "vendor": "Debian", "versions": [{"status": "affected", "version": "before 1:7.6+12"}]}], "descriptions": [{"lang": "en", "value": "The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation."}], "problemTypes": [{"descriptions": [{"description": "script x11-common creates directories in insecure manner", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-25T16:06:37", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1093"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2012-1093"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/03/01/1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/02/29/1"}, {"tags": ["x_refsource_MISC"], "url": "http://vladz.devzero.fr/012_x11-common-vuln.html"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1093", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "x11-common", "version": {"version_data": [{"version_value": "before 1:7.6+12"}]}}]}, "vendor_name": "Debian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "script x11-common creates directories in insecure manner"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2012-1093", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-1093"}, {"name": "https://access.redhat.com/security/cve/cve-2012-1093", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-1093"}, {"name": "http://www.openwall.com/lists/oss-security/2012/03/01/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/03/01/1"}, {"name": "http://www.openwall.com/lists/oss-security/2012/02/29/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/02/29/1"}, {"name": "http://vladz.devzero.fr/012_x11-common-vuln.html", "refsource": "MISC", "url": "http://vladz.devzero.fr/012_x11-common-vuln.html"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:27.483Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1093"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2012-1093"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/01/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/02/29/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vladz.devzero.fr/012_x11-common-vuln.html"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1093", "datePublished": "2020-02-21T18:05:01", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.483Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:x11-common:*:*:*:*:*:*:*:*", "matchCriteriaId": "121E8DFB-EFAE-46BD-8928-BBB8D5450C8C", "versionEndExcluding": "1\\:7.6\\+12", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation."}, {"lang": "es", "value": "El script de inicio en el paquete Debian x11-common versiones anteriores a 1:7.6+12, es vulnerable a un ataque de enlace simb\u00f3lico que puede conllevar a una escalada de privilegios durante la instalaci\u00f3n del paquete."}], "id": "CVE-2012-1093", "lastModified": "2023-11-07T02:10:12.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-21T19:15:11.150", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://vladz.devzero.fr/012_x11-common-vuln.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/02/29/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/03/01/1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/cve-2012-1093"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1093"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}