Vulnerability Description
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
CVSS Score
6.2
MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cronic Project | Cronic | 2 |
| Debian | Debian Linux | 7.0 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00013.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/04/09/4
- http://www.openwall.com/lists/oss-security/2016/04/10/2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00013.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2016/04/09/4
- http://www.openwall.com/lists/oss-security/2016/04/10/2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331Third Party Advisory
FAQ
What is CVE-2016-3992?
CVE-2016-3992 is a vulnerability with a CVSS score of 6.2 (MEDIUM). cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
How severe is CVE-2016-3992?
CVE-2016-3992 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3992?
Check the references section above for vendor advisories and patch information. Affected products include: Cronic Project Cronic, Debian Debian Linux, Opensuse Leap, Opensuse Opensuse.