CVE-2012-1093
published 2020-02-21CVE-2012-1093: The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package…
PriorityP337high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.57%
42.7th percentile
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | x11-common | < 1\:7.6\+12 | 1\:7.6\+12 |
| debian | x11-common | — | — |
| debian | xorg | < xorg 1:7.6+12 (bookworm) | xorg 1:7.6+12 (bookworm) |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2qxv-mghj-hfhr: The init script in the Debian x11-common package before 1:7
ghsa_unreviewed·2022-04-23
CVE-2012-1093 [MEDIUM] CWE-59 GHSA-2qxv-mghj-hfhr: The init script in the Debian x11-common package before 1:7
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
OSV
CVE-2012-1093: The init script in the Debian x11-common package before 1:7
osv·2020-02-21·CVSS 7.8
CVE-2012-1093 [HIGH] CVE-2012-1093: The init script in the Debian x11-common package before 1:7
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Debian
CVE-2012-1093: xorg - The init script in the Debian x11-common package before 1:7.6+12 is vulnerable t...
vendor_debian·2012·CVSS 7.8
CVE-2012-1093 [HIGH] CVE-2012-1093: xorg - The init script in the Debian x11-common package before 1:7.6+12 is vulnerable t...
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Scope: local
bookworm: resolved (fixed in 1:7.6+12)
bullseye: resolved (fixed in 1:7.6+12)
forky: resolved (fixed in 1:7.6+12)
sid: resolved (fixed in 1:7.6+12)
trixie: resolved (fixed in 1:7.6+12)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://vladz.devzero.fr/012_x11-common-vuln.htmlhttp://www.openwall.com/lists/oss-security/2012/02/29/1http://www.openwall.com/lists/oss-security/2012/03/01/1https://access.redhat.com/security/cve/cve-2012-1093https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://security-tracker.debian.org/tracker/CVE-2012-1093http://vladz.devzero.fr/012_x11-common-vuln.htmlhttp://www.openwall.com/lists/oss-security/2012/02/29/1http://www.openwall.com/lists/oss-security/2012/03/01/1https://access.redhat.com/security/cve/cve-2012-1093https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://security-tracker.debian.org/tracker/CVE-2012-1093
2020-02-21
Published