CVE-2012-5663 - OpenCVE

The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Textproc\/isearch

Configuration 1 [-]

cpe:2.3:a:openbsd:textproc\/isearch:*:*:*:*:*:*:*:*

References

Link	Resource
http://gnats.netbsd.org/47360	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/21/2	Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/12/21/3	Mailing List Third Party Advisory
https://access.redhat.com/security/cve/cve-2012-5663	Broken Link
https://security-tracker.debian.org/tracker/CVE-2012-5663	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-12-30T21:01:40

Updated: 2019-12-30T21:01:40

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5663

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-30T22:15:11.150

Modified: 2020-01-10T15:41:15.403

Link: CVE-2012-5663

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "textproc/isearch package", "vendor": "textproc/isearch package", "versions": [{"status": "affected", "version": "before 1.47.01nb1"}]}], "descriptions": [{"lang": "en", "value": "The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp)."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-30T21:01:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5663"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2012-5663"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/12/21/2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2012/12/21/3"}, {"tags": ["x_refsource_MISC"], "url": "http://gnats.netbsd.org/47360"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5663", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "textproc/isearch package", "version": {"version_data": [{"version_value": "before 1.47.01nb1"}]}}]}, "vendor_name": "textproc/isearch package"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2012-5663", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-5663"}, {"name": "https://access.redhat.com/security/cve/cve-2012-5663", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-5663"}, {"name": "http://www.openwall.com/lists/oss-security/2012/12/21/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/12/21/2"}, {"name": "http://www.openwall.com/lists/oss-security/2012/12/21/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/12/21/3"}, {"name": "http://gnats.netbsd.org/47360", "refsource": "MISC", "url": "http://gnats.netbsd.org/47360"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5663", "datePublished": "2019-12-30T21:01:40", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2019-12-30T21:01:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:textproc\\/isearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F5E0492-F478-4514-AC47-570E5639847A", "versionEndExcluding": "1.47.01nb1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp)."}, {"lang": "es", "value": "El paquete isearch (textproc/isearch) versiones anteriores a la versi\u00f3n 1.47.01nb1 usa la funci\u00f3n tempnam() para crear archivos temporales no seguros en un \u00e1rea escribible p\u00fablicamente (/tmp)."}], "id": "CVE-2012-5663", "lastModified": "2020-01-10T15:41:15.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-30T22:15:11.150", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://gnats.netbsd.org/47360"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/21/2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/12/21/3"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/cve-2012-5663"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5663"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Primary"}]}