CVE-2012-1093

Published: Feb 21, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

Affected (4)

Products: Debian: Debian Linux, X11 Common

Debian

2 products

Debian Linux

X11 Common

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
Debian X11 Common	Before 1\:7.6\+12

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (12)

http://vladz.devzero.fr/012_x11-common-vuln.html

Source: secalert@redhat.com

ExploitThird Party Advisory

http://www.openwall.com/lists/oss-security/2012/02/29/1

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2012/03/01/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/security/cve/cve-2012-1093

Source: secalert@redhat.com

Broken Link

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Source: secalert@redhat.com

https://security-tracker.debian.org/tracker/CVE-2012-1093

Source: secalert@redhat.com

Vendor Advisory

http://vladz.devzero.fr/012_x11-common-vuln.html