CVE-2015-0858

Publication date 6 May 2016

Last updated 24 July 2024

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tardiff	16.04 LTS xenial	Not affected
	15.10 wily	Fixed 0.1-2+deb8u2build0.15.10.1
	15.04 vivid	Ignored end of life
	14.04 LTS trusty	Fixed 0.1-2+deb8u2build0.14.04.1
	12.04 LTS precise	Not in release

Severity score breakdown

Parameter	Value
Base score	3.3 · Low
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Other references

https://www.cve.org/CVERecord?id=CVE-2015-0858