CVE-2015-0858

low-risk

Published 2016-05-06

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Debian Linux

Tardiff

Tardiff Project Debian

http://www.debian.org/security/2016/dsa-3562

http://www.debian.org/security/2016/dsa-3562

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 7/34 · Low