CVE-2013-1495

Published: Mar 18, 2013Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

Affected (1)

Products: Oracle: Support Tools

Oracle

1 product

Support Tools

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Support Tools	Up to 4.3.2

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

http://seclists.org/fulldisclosure/2013/Feb/159

Source: secalert_us@oracle.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Source: secalert_us@oracle.com

Vendor Advisory

http://seclists.org/fulldisclosure/2013/Feb/159

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.