CVE-2012-5477
Published 2014-05-08
CVE-2012-5477: The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
Priority: P48 · low · 3.6 (CVSS 2.0)
AV:L / AC:L / Au:N / C:N / I:P / A:P
EPSS: 0.33% (24.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind9 | >= 0 < 1:9.9.5.dfsg-3ubuntu0.4 | 1:9.9.5.dfsg-3ubuntu0.4 |
| theforeman | foreman | <= 1.0 | — |
CVSS provenance
nvd · v2.0 · 3.6 LOW · AV:L/AC:L/Au:N/C:N/I:P/A:P
osv · 7.1 HIGH
GHSA
GHSA-9crx-xc3m-v3x2: The smart proxy in Foreman before 1
ghsa_unreviewed·2022-05-17
CVE-2012-5477 [LOW] GHSA-9crx-xc3m-v3x2: The smart proxy in Foreman before 1
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
OSV
bind9 vulnerabilities
osv·2015-07-28·CVSS 7.1
CVE-2015-5477 bind9 vulnerabilities
Jonathan Foote discovered that Bind incorrectly handled certain TKEY
queries. A remote attacker could use this issue with a specially crafted
packet to cause Bind to crash, resulting in a denial of service.
(CVE-2015-5477)
Pories Ediansyah discovered that Bind incorrectly handled certain
configurations involving DNS64. A remote attacker could use this issue with
a specially crafted query to cause Bind to crash, resulting in a denial of
service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2014-05-08