ALT-PU-2015-1397-1
Closed vulnerabilities
Published: 2015-06-02
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-4155
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Severity: LOW (3.6)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
References:
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://www.securityfocus.com/bid/74962
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://www.securityfocus.com/bid/74962
Published: 2015-06-02
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-4156
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Severity: LOW (3.6)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
References:
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
- http://www.securityfocus.com/bid/74961
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
- http://www.securityfocus.com/bid/74961