CVE-2015-5200 - The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allow

CVE-2015-5200

Summary

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:libvdpau_project:libvdpau:*:*:*:*:*:*:*:*
cpe:2.3:a:libvdpau_project:libvdpau:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

CVSS

Base:	6.3 (as of 22-12-2016 - 02:59)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:C/A:C

refmap via4

bid	76636
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1253827
debian	DSA-3355
fedora	FEDORA-2015-14850 FEDORA-2015-14851 FEDORA-2015-3ca3f2138b
mlist	[xorg-announce] 20150831 libvdpau 1.1.1
suse	openSUSE-SU-2015:1537
ubuntu	USN-2729-1

Last major update

22-12-2016 - 02:59

Published

08-09-2015 - 15:59

Last modified

22-12-2016 - 02:59