CVE-2012-3355
published 2012-07-17
Priority: P4 · 15 · low
CVSS 2.0: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
EPSS: 0.56% (42.3th percentile)
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
Affected
67 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rhythmbox | < rhythmbox 2.97-2.1 (bookworm) | rhythmbox 2.97-2.1 (bookworm) |
| gnome | rhythmbox | <= 0.13.3 | — |
| gnome | rhythmbox | — | — |
CVSS provenance
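| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P |
| osv | — | 3.6 | LOW | — |
| vendor_debian | — | 3.6 | LOW | — |
| vendor_redhat | — | 3.6 | LOW | — |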
Ubuntu
Rhythmbox vulnerability
vendor_ubuntu·2012-07-11
Title: Rhythmbox vulnerability
Summary: Rhythmbox could be made to run programs as your login when using the Context
plugin.
Hans Spaans discovered that the Context plugin in Rhythmbox created a
temporary directory in an insecure manner. A local attacker could exploit
this to execute arbitrary code as the user invoking the program. The
Context plugin is disabled by default in Ubuntu.
Instructions: After a standard system update you need to restart Rhythmbox to make all
the necessary changes.
Debian
CVE-2012-3355: rhythmbox - (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the ...
vendor_debian·2012·CVSS 3.6
Scope: local
bookworm: resolved (fixed in 2.97-2.1)
bullseye: resolved (fixed in 2.97-2.1)
forky: resolved (fixed in 2.97-2.1)
sid: resolved (fixed in 2.97-2.1)
trixie: resolved (fixed in 2.97-2.1)
Red Hat
plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs
vendor_redhat·2011-03-06·CVSS 3.6
CVE-2012-3355 [LOW] CWE-377
Statement: This issue does not affect the version of rhythmbox as shipped with Red Hat Enterprise Linux 5. This issue affects the version of rhythmbox as shipped with Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://a
GHSA
GHSA-3f36-xgxj-8g4q: (1) AlbumTab
ghsa_unreviewed·2022-05-17
CVE-2012-3355 [LOW] CWE-94
OSV
CVE-2012-3355: (1) AlbumTab
osv·2012-07-17·CVSS 3.6
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
http://www.openwall.com/lists/oss-security/2012/06/25/5
http://www.openwall.com/lists/oss-security/2012/06/25/7
http://www.securityfocus.com/bid/54186
http://www.ubuntu.com/usn/USN-1503-1
https://bugzilla.gnome.org/show_bug.cgi?id=678661
https://bugzilla.redhat.com/show_bug.cgi?id=835076
https://exchange.xforce.ibmcloud.com/vulnerabilities/76538
https://hermes.opensuse.org/messages/15351848