CVE-2015-7758

Published: 08/01/2016 Updated: 30/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.

Vulnerable Product

opensuse opensuse 13.1

opensuse leap 42.1

opensuse opensuse 13.2

gummi project gummi 0.6.5

Vendor Advisories

Debian Bug report logs - #756432
gummi: Uses predictable filenames in /tmp based on basename (CVE-2015-7758)

Package: src:gummi

Maintainer for src:gummi is Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>

Reported by: Julian Andres Klode <jak@debian.org>

Date: Tue, 29 Jul 2014 19:45:07 ...