Upstream information
Description
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 3.6 |
Vector | AV:L/AC:L/Au:N/C:N/I:P/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | Partial |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA gnucash-2.2.7-1.35 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10798 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 01:43:10 2013CVE page last modified: Mon Sep 9 16:40:07 2024