- Description
- A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.
- Source
- security@debian.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 4.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:N/I:P/A:P
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:txt2man:1.5.5-2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2FAB851-2008-4CB4-BF3D-9F7401A11967"
},
{
"criteria": "cpe:2.3:a:debian:txt2man:1.5.5-4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "709D7E94-6A78-4770-A040-62A6FD52D78F"
},
{
"criteria": "cpe:2.3:a:marc_vertes:txt2man:1.5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "416248F6-815E-4B66-9E0F-A19CF962625B"
}
],
"operator": "OR"
}
]
}
]