CVE-2015-5224

CWE-3778 documents7 sources
Severity
9.8CRITICAL
EPSS
4.1%
top 11.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kernel Util-linux
Timeline
PublishedAug 23
Latest updateMay 13

Description

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianutil-linux< 2.27-1+3
NVDkernel/util-linux2.26.2+1

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-g2jw-fqx3-5mwq: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attac2022-05-13
OSV
CVE-2015-5224: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attac2017-08-23
CVEList
CVE-2015-5224: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attac2017-08-23

📋Vendor Advisories

2
Red Hat
util-linux: File name collision due to incorrect mkstemp use2015-08-24
Debian
CVE-2015-5224: util-linux - The mkostemp function in login-utils in util-linux when used incorrectly allows ...2015

💬Community

2
Bugzilla
CVE-2015-5224 util-linux: File name collision due to incorrect mkstemp use [fedora-all]2015-08-25
Bugzilla
CVE-2015-5224 util-linux: File name collision due to incorrect mkstemp use2015-08-25
CVE-2015-5224 (CRITICAL CVSS 9.8) | The mkostemp function in login-util | cvebase.io