CVE-2012-1093 Information

Description

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://vladz.devzero.fr/012_x11-common-vuln.html http://www.openwall.com/lists/oss-security/2012/02/29/1 http://www.openwall.com/lists/oss-security/2012/03/01/1 https://access.redhat.com/security/cve/cve-2012-1093 https://security-tracker.debian.org/tracker/CVE-2012-1093

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8