scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-01T00:00:00

Updated: 2024-08-06T20:05:12.543Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3500

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-10-01T00:55:01.460

Modified: 2024-11-21T01:41:00.390

Link: CVE-2012-3500

cve-icon Redhat

Severity :

Publid Date: 2012-08-31T00:00:00Z

Links: CVE-2012-3500 - Bugzilla