VIR Vulnerability Intelligence Relay

CVE-2012-3500

low
Published 2012-10-01 · Modified 2026-04-29
CVSS v3
CVSS v2
1.2
VIR risk
1.2

Description

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3500

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.debian.org/security/2012/dsa-2549

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/50600

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.12.2
debian debianbullseyefixed2.12.2
debian debianforkyfixed2.12.2
debian debiansidfixed2.12.2
debian debiantrixiefixed2.12.2

Application impact
VendorProductVersionsFixed
devscripts_devel_teamdevscripts{"endIncluding":"2.12.1"}
devscripts_devel_teamdevscripts2.12.0
fedora fedorarpmdevtools{"endIncluding":"8.2-1"}

References

CWEs

CWE-362

Verify integrity in audit chain (admin only). AS-IS.