CVE-2012-5663
First published: Mon Dec 30 2019(Updated: )
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openbsd Textproc\/isearch | <1.47.01nb1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2012/12/21/1
- https://security-tracker.debian.org/tracker/CVE-2012-5663
- http://gnats.netbsd.org/47360
- http://www.openwall.com/lists/oss-security/2012/12/21/2
- http://www.openwall.com/lists/oss-security/2012/12/21/3
- https://access.redhat.com/security/cve/cve-2012-5663
Frequently Asked Questions
What is CVE-2012-5663?
CVE-2012-5663 is a vulnerability in the isearch package (textproc/isearch) before version 1.47.01nb1 that allows the creation of insecure temporary files in a publicly-writable area (/tmp) using the tempnam() function.
What is the severity of CVE-2012-5663?
CVE-2012-5663 has a severity rating of 7.5 (High).
How does CVE-2012-5663 affect OpenBSD Textproc/isearch?
CVE-2012-5663 affects OpenBSD Textproc/isearch before version 1.47.01nb1.
How can I fix CVE-2012-5663?
To fix CVE-2012-5663, update the isearch package to version 1.47.01nb1 or later.
What are the references for CVE-2012-5663?
The references for CVE-2012-5663 are: [1] http://gnats.netbsd.org/47360, [2] http://www.openwall.com/lists/oss-security/2012/12/21/2, [3] http://www.openwall.com/lists/oss-security/2012/12/21/3
- collector/security-tracker-debian
- collector/nvd-index
- vendor/openbsd
- canonical/openbsd textproc\/isearch