CVE-2012-0054
GoLismero symlink attack
EPSS 0.03%
Description
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in BackTrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.
How to fix CVE-2012-0054
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- PyPI/golismero—no fix listed
- PyPI/golismero—no fix listed
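The bug class described above, shown as an added example that is not GoLismero's code and not the upstream fix: a plain open() for writing follows a symlink at the destination path, while an open with O_NOFOLLOW plus an fstat check refuses it. The function names, the file name important.cfg and the temp-directory scenario are assumptions made for illustration.

```python
import errno
import os
import stat
import tempfile

def naive_write(path, data):
    # Vulnerable pattern: open() follows a symlink sitting at `path`.
    with open(path, "wb") as fh:
        fh.write(data)

def safe_write(path, data):
    # O_NOFOLLOW makes the open fail if the final path component is a symlink.
    # No O_TRUNC: nothing is modified until the checks below have passed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        if st.st_nlink != 1 or st.st_uid != os.geteuid():
            raise OSError(errno.EPERM, "hard-linked or foreign-owned", path)
        os.ftruncate(fd, 0)
        os.write(fd, data)
    finally:
        os.close(fd)

def _read(path):
    with open(path, "rb") as fh:
        return fh.read()

def demo():
    # Constructed scenario in a private temp dir: changes.dat is a symlink
    # to another file, standing in for a link another local user created.
    out = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.cfg")
        link = os.path.join(d, "changes.dat")
        naive_write(target, b"original")
        os.symlink(target, link)
        try:
            safe_write(link, b"update log")
            out["safe_refused"] = False
        except OSError as exc:
            out["safe_refused"] = exc.errno in (errno.ELOOP, errno.EMLINK)
        out["after_safe"] = _read(target)    # untouched by safe_write
        naive_write(link, b"update log")
        out["after_naive"] = _read(target)   # clobbered through the link
        os.unlink(link)
        safe_write(link, b"update log")
        out["regular_ok"] = _read(link) == b"update log"
    return out
```

O_NOFOLLOW only guards the final path component, so the directory holding the file must also not be writable by other local users.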
Is CVE-2012-0054 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, <= 0.6.3
- from 0