CVE-2012-3500

Published: 03 September 2012

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

Priority

Low

Notes

AuthorNote
tyhicks
If TMPDIR is not changed, mitigated by yama in Natty and newer

References