CVE-2016-7490
HIGHTeradata Studio Express 15.12.00.00 - Privilege Escalation via Insecure /tmp File Creation
Title source: llmDescription
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=174
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94255
Scores
CVSS v3
7.8
EPSS
0.0058
EPSS Percentile
43.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
CWE-59
Status
published
Products (2)
Teradata/Studio Express
15.12.00.00
teradata/studio_express
15.12.00.00
Published
Nov 10, 2016
Tracked Since
Feb 18, 2026