CVE-2012-5564
First published: Fri Nov 23 2012(Updated: )
An insecure temporary file use flaw was found in the way server component of android tools, a suite of Android Debug Bridge (ADB) platform tools, performed logging of server events upon server startup. A local attacker could use this flaw to conduct symbolic links attacks, possibly leading to their ability to append unauthorized content to system files accessible with the privileges of the user running the adb executable. References: [1] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android SDK Platform Tools |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=879585
- http://www.openwall.com/lists/oss-security/2012/11/23/1
- https://access.redhat.com/security/cve/CVE-2012-5564
- http://www.openwall.com/lists/oss-security/2012/11/23/8
- https://bugzilla.redhat.com/show_bug.cgi?id=879582
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098527.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098529.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098532.html
- http://www.securityfocus.com/bid/56653
Frequently Asked Questions
What is the severity of CVE-2012-5564?
CVE-2012-5564 has a medium severity rating due to the potential for symbolic link attacks.
How do I fix CVE-2012-5564?
To fix CVE-2012-5564, update to the latest version of the Android Debug Bridge platform tools.
What type of attack can be conducted due to CVE-2012-5564?
CVE-2012-5564 can lead to symbolic link attacks by local attackers.
Which software is affected by CVE-2012-5564?
CVE-2012-5564 affects Google Android SDK Platform Tools.
Is CVE-2012-5564 a remote or local vulnerability?
CVE-2012-5564 is a local vulnerability that requires physical access to the device.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-5564
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/google
- canonical/google android sdk platform tools