// For flags

CVE-2016-8605

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

El procedimiento mkdir de GNU Guile cambió temporalmente el umask del proceso a cero. Durante ese intervalo de tiempo, en una aplicación multiproceso, otros hilos podrían terminar creando archivos con permisos inseguros. Por ejemplo, mkdir sin el argumento de modo opcional crearía directorios como 0777. Esto se fija en Guile 2.0.13. Las versiones anteriores están afectadas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-10-11 CVE Reserved
  • 2017-01-12 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-275: Permission Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
23
Search vendor "Fedoraproject" for product "Fedora" and version "23"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
24
Search vendor "Fedoraproject" for product "Fedora" and version "24"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
25
Search vendor "Fedoraproject" for product "Fedora" and version "25"
-
Affected
Gnu
Search vendor "Gnu"
Guile
Search vendor "Gnu" for product "Guile"
<= 2.0.12
Search vendor "Gnu" for product "Guile" and version " <= 2.0.12"
-
Affected