CVE-2013-0159 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	17

Related Weaknesses (CWE)

CWE-59

References

https://bugzilla.redhat.com/show_bug.cgi?id=892299Issue TrackingPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=892815Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=892299Issue TrackingPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=892815Issue TrackingThird Party Advisory

FAQ

What is CVE-2013-0159?

CVE-2013-0159 is a vulnerability with a CVSS score of 7.1 (HIGH). The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlin...

How severe is CVE-2013-0159?

CVE-2013-0159 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0159?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora.