{"containers": {"cna": {"affected": [{"product": "libuser", "vendor": "libuser", "versions": [{"status": "affected", "version": "Fixed in 1:0.60"}]}], "descriptions": [{"lang": "en", "value": "libuser has information disclosure when moving user's home directory"}], "problemTypes": [{"descriptions": [{"description": "Information disclosure when moving user's home directory", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-25T14:28:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5644"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html"}, {"name": "Red Hat", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/cve-2012-5644"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.203Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5644"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html"}, {"name": "Red Hat", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2012-5644"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5644", "datePublished": "2019-11-25T14:28:24", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.203Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libuser_project:libuser:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5999C75-1029-4598-9670-C8E85FFF802D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libuser has information disclosure when moving user's home directory"}, {"lang": "es", "value": "libuser, presenta una divulgaci\u00f3n de informaci\u00f3n cuando se mueve el directorio de inicio de usuario."}], "id": "CVE-2012-5644", "lastModified": "2020-08-18T15:05:57.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-25T15:15:12.167", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2012-5644"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5644"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5644"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libuser: (Complete) Information disclosure when moving user's home directory", "id": "885724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=885724"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "status": "draft"}, "details": ["libuser has information disclosure when moving user's home directory"], "mitigation": {"lang": "en:us", "value": "There are several restrictions to successful exploitation of this flaw:\n~~~\n1. ONLY applications compiled with libuser are affected. The affected code is hit only when a move operation is conducted on user home directory.\n2. The attacker needs to have a shell account on the target machine.\n3. Since this is a TOCTOU attack, precise timing is required for the attack. The attacker needs to know exactly when the move directory is moved in order successfully exploit this flaw.\n~~~\nAny other application acting on user directories (not compiled with libuser) for example usermod/userdel are not affected by this flaw."}, "name": "CVE-2012-5644", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libuser", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libuser", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-03-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5644\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5644"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}