Skip to content

GoLismero symlink attack

Low severity GitHub Reviewed Published May 4, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

pip golismero (pip)

Affected versions

<= 0.6.3

Patched versions

None

Description

libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.

References

Published by the National Vulnerability Database Mar 19, 2012
Published to the GitHub Advisory Database May 4, 2022
Last updated Nov 22, 2024
Reviewed Nov 22, 2024

Severity

Low

EPSS score

0.042%
(5th percentile)

Weaknesses

CVE ID

CVE-2012-0054

GHSA ID

GHSA-vwxc-3cfr-37jq

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.