CVE-2015-7543
published 2017-07-25CVE-2015-7543: aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the…
PriorityP425high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
EPSS
0.24%
15.6th percentile
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artsproject | arts | — | — |
| kde | kdelibs | <= 3.5.10 | — |
CVSS provenance
nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f439-6pj6-2532: aRts 1
ghsa_unreviewed·2022-05-17
CVE-2015-7543 [HIGH] CWE-362 GHSA-f439-6pj6-2532: aRts 1
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
Red Hat
arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
vendor_redhat·2015-12-07·CVSS 7.0
CVE-2015-7543 [HIGH] CWE-362 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
Package: arts (Red Hat Enterprise Linux 5) - Will not fix
Package: arts (Red Hat Enterprise Linux 6) - Will not fix
Package: kdelibs3 (Red Hat Enterprise Linux 6) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
bugzilla·2019-08-12·CVSS 7.8
CVE-2019-14744 [HIGH] CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit
Bugzilla
CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
bugzilla·2015-12-07·CVSS 7.0
CVE-2015-7543 [HIGH] CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple s
Bugzilla
CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
bugzilla·2015-12-07·CVSS 7.0
CVE-2015-7543 [HIGH] CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for kdelib
Bugzilla
CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
bugzilla·2015-12-07·CVSS 7.0
CVE-2015-7543 [HIGH] CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
CVE-2015-7543 kdelibs3: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
bugzilla·2015-12-07·CVSS 7.0
CVE-2015-7543 [HIGH] CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
CVE-2015-7543 arts: arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for arts: see
Bugzilla
CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
bugzilla·2015-11-12·CVSS 7.0
CVE-2015-7543 [HIGH] CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
Description of problem:
aRts and kdelibs3 each use their own copy of the same "lnusertemp" code to create a user-specific socket directory for IPC. If the usual location, which is well-known, is unavailable, a random directory name is created with mktemp(3). A malicious process could therefore create the well-known location to force the race condition inherit in mktemp(3), and then potentially beat it in order to hijack the IPC of aRts and/or KDE.
Version-Release number of selected component (if applicable):
arts-1.5.10-26.fc22.x86_64
kdelibs3-3.5.10-68.fc22.x86_64
(I believe all versions of Fedora are affected, as well as RHEL 5 and 6)
Steps to Reproduce:
(Warning: Do NOT try this during a KDE session!)
0.
2017-07-25
Published