Description
Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Dan Rosenberg · textlocallinux
https://www.exploit-db.com/exploits/33963
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39746
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/05/07/6
Various Sources x_refsource_confirm
http://savannah.gnu.org/bugs/?29755
Various Sources x_refsource_confirm
http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
Patch x_refsource_confirm
http://ftpmain.gnustep.org/pub/gnustep/core/gnustep-base-1.20.0.tar.gz
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40005
Exploit x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/gnustep-base/+bug/573108
Scores
EPSS
0.0013
EPSS Percentile
32.8%
Details
CWE
CWE-200
Status
published
Products (14)
gnustep/gnustep_base
1.11.2
gnustep/gnustep_base
1.12.0
gnustep/gnustep_base
1.13.0
gnustep/gnustep_base
1.14.0
gnustep/gnustep_base
1.15.0
gnustep/gnustep_base
1.15.1
gnustep/gnustep_base
1.15.2
gnustep/gnustep_base
1.15.4
gnustep/gnustep_base
1.17.0
gnustep/gnustep_base
1.18.0
... and 4 more
Published
May 12, 2010
Tracked Since
Feb 18, 2026