PT-2016-3566 · Tardiff · Tardiff

Florian Weimer

·

Published

2016-05-01

·

Updated

2016-05-09

·

CVE-2015-0858

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions TarDiff (affected versions not specified)
Description The issue allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2015-0858
DLA-564-1
DSA-3562-1

Affected Products

Tardiff