Vulnerability DatabaseCVE-2015-4156
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-4156
Published:June 02, 2015
Updated:May 07, 2026
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Related Resources (6)
http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4156
http://www.securityfocus.com/bid/74961
https://security-tracker.debian.org/tracker/CVE-2015-4156
Do you need more information?
Contact Us
CVSS v3
Base Score:
5.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
3.6
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Link Resolution Before File Access ('Link Following')
CWE-59
EPSS
Base Score:
0.05