CVE-2015-7543

CWE-362 — Race Condition9 documents5 sources

Severity

7.0HIGH

EPSS

0.1%

top 71.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kdelibs Artsproject Arts

Timeline

PublishedJul 25

Latest updateMay 17

Description

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDartsproject/arts1.5.10

▶NVDkde/kdelibs3.5.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-f439-6pj6-2532: aRts 1↗2022-05-17

▶

CVEList

CVE-2015-7543: aRts 1↗2017-07-25

▶

📋Vendor Advisories

Red Hat

arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC↗2015-12-07

▶

💬Community

Bugzilla

CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]↗2015-12-07

▶

Bugzilla

CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]↗2015-12-07

▶

Bugzilla

CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]↗2015-12-07

▶

Bugzilla

CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]↗2015-12-07

▶

Bugzilla

CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC↗2015-11-12

▶