CVE-2016-8605
Description
The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.089
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2017:0394-1(SUSE Linux Enterprise Server 11-SP4 ) guile-1.8.5-24.1.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) guile-2.0.9-8.3.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) guile-debuginfo-2.0.9-8.3.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) guile-debugsource-2.0.9-8.3.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) guile-modules-2_0-2.0.9-8.3.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) libguile-2_0-22-2.0.9-8.3.x86_64.rpm | Linux |
| SUSE-SU-2017:0398-1(SUSE Linux Enterprise Desktop 12-SP1 ) libguile-2_0-22-debuginfo-2.0.9-8.3.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234