CVE-2016-3992 — Improper Access Control in Cronic

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 81.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cronic Project Cronic Debian Cronic Debian Linux +2 more

Timeline

PublishedJul 26

Latest updateMay 14

Description

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/cronic< cronic 3-1 (bookworm)

▶Debiancronic_project/cronic< 3-1+3

▶NVDcronic_project/cronic2

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-2j8h-r33w-q9rh: cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic↗2022-05-14

▶

OSV

CVE-2016-3992: cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic↗2016-07-26

▶

📋Vendor Advisories

Debian

CVE-2016-3992: cronic - cronic before 3 allows local users to write to arbitrary files via a symlink att...↗2016

▶