CVE-2012-3355

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
http://www.openwall.com/lists/oss-security/2012/06/25/5
http://www.openwall.com/lists/oss-security/2012/06/25/7
http://www.securityfocus.com/bid/54186
http://www.ubuntu.com/usn/USN-1503-1
https://bugzilla.gnome.org/show_bug.cgi?id=678661
https://bugzilla.redhat.com/show_bug.cgi?id=835076
https://exchange.xforce.ibmcloud.com/vulnerabilities/76538
https://hermes.opensuse.org/messages/15351848

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:rhythmbox::::::::
	cpe:2.3:a:gnome:rhythmbox:0.5.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.5.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.5.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.5.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.5.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.5.88:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.5:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.6:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.7:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.6.8:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.7.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.7.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.7.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.5:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.6:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.7:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.8.8:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.3.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.4.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.5:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.6:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.6.90:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.7:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.9.8:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.10.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.10.0.90:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.10.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.5:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.11.6:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.2:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.3:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.4:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.5:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.6:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.7:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.12.8:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.13.0:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.13.1:::::::*
	cpe:2.3:a:gnome:rhythmbox:0.13.2:::::::*

History

No history.

Information

Published : 2012-07-17 21:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-3355

Mitre link : CVE-2012-3355

CVE.ORG link : CVE-2012-3355

JSON object : View

Products Affected

gnome

rhythmbox

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

3.6 /10