VDB
CVE-2015-1200
CVE-2015-1200
PUBLISHED
CVSS 2.0999999046325684 LOW
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.
EPSS 0.04% · 11.5th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.04%
11.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| pxz_project | pxz | 4.999.99 |
Timeline
- Jan 23, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- pxz-cve20151200-sec-bypass(100207) vdb
- [oss-security] 20150118 Re: CVE Request: pxz -- race condition in setting permissions mailing-list
- 72101 vdb
- FEDORA-2020-07fcbfddbd vendor-advisory
- FEDORA-2020-8b89d5b9eb vendor-advisory
- FEDORA-2020-c9eb911737 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-1200 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5 url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3UCBCIN6M5EXFET4RGQTVSSL5S57XCH url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBKV7AT6O3FGQ735PFOGQ4Q5VODMSHE5 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDCG7YJRDOR66V3WJDQPLMFSDULQDADC url