CVE-2012-1088 — Link Following in Project Iproute2

CWE-59 — Link Following CWE-377 — Insecure Temporary File6 documents6 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 69.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iproute2 Project Iproute2

Timeline

PublishedFeb 15

Latest updateMay 17

Description

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Ubuntuiproute2_project/iproute2< 3.12.0-2

▶NVDiproute2_project/iproute23.2.0+2

🔴Vulnerability Details

GHSA

GHSA-3wfr-9gjx-63gf: iproute2 before 3↗2022-05-17

▶

OSV

CVE-2012-1088: iproute2 before 3↗2014-02-15

▶

CVEList

CVE-2012-1088: iproute2 before 3↗2014-02-15

▶

📋Vendor Advisories

Red Hat

iproute: multiple insecure temporary file use issues↗2012-02-15

▶

💬Community

Bugzilla

CVE-2012-1088 iproute: multiple insecure temporary file use issues↗2012-02-27

▶