CVE-2012-1088

low

Published 2014-02-15 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.3

VIR risk

3.3

Description

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
iproute2_project	iproute2	`{"endIncluding":"3.2.0"}`
iproute2_project	iproute2	`3.0.0`
iproute2_project	iproute2	`3.1.0`

References

http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=20ed7b24df05eadf83168d1d0ce0052a31380928
http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=e557d1ac3a156ba7521ba44b0b412af4542f83f8
http://marc.info/?l=bugtraq&m=139447903326211&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=797878
http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=20ed7b24df05eadf83168d1d0ce0052a31380928
http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git%3Ba=commit%3Bh=e557d1ac3a156ba7521ba44b0b412af4542f83f8
http://marc.info/?l=bugtraq&m=139447903326211&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=797878

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.