CVE-2012-6648

Published May 22, 2014

Last updated 10 years ago

CVSS info 2.1

Overview

Description: gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44B39902-CE75-4ACC-8FF0-DEDCE6D4BEF9",
            "versionEndIncluding": "0.24"
          },
          {
            "criteria": "cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E7ACFB5-27E5-44A0-9C35-6270BB5520A1"
          },
          {
            "criteria": "cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "685F8494-C197-43C3-9D04-54A82EF0D9EF"
          },
          {
            "criteria": "cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A2CD0F-8037-45F7-8DE0-12C938B3C010"
          },
          {
            "criteria": "cpe:2.3:a:gdm-guest-session_project:gdm-guest-session:0.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAAB6195-632A-450F-B556-306E35957D57"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References