CVE-2015-1200

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-1200
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://seclists.org/oss-sec/2015/q1/177
http://www.securityfocus.com/bid/72101
https://exchange.xforce.ibmcloud.com/vulnerabilities/100207
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/
Configurations

Configuration 1 (hide)

cpe:2.3:a:pxz_project:pxz:4.999.99:beta3:*:*:*:*:*:*
History

07 Nov 2023, 02:24

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/', 'name': 'FEDORA-2020-8b89d5b9eb', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/', 'name': 'FEDORA-2020-c9eb911737', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/', 'name': 'FEDORA-2020-07fcbfddbd', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5/ -
Information

Published : 2015-01-23 15:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-1200

Mitre link : CVE-2015-1200

CVE.ORG link : CVE-2015-1200

JSON object : View

Products Affected

pxz_project

  • pxz
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')