Main Vulnerability Database Vulnerabilities #VU37095

Race condition in Debian Linux - CVE-2016-10538

Published: May 31, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37095

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-10538

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian

Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.

How to mitigate CVE-2016-10538

Install update from vendor's website.

Sources

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
https://github.com/node-js-libs/cli/issues/81
https://nodesecurity.io/advisories/95

Race condition in Debian Linux - CVE-2016-10538

Detailed vulnerability description

How to mitigate CVE-2016-10538

Sources

Please verify you're human