Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3440

Overview

Vulnerability Score 5.6 5.6
CVE Id CVE-2012-3440
Last Modified 08 Aug 2012 12:00:00
Published 08 Aug 2012 06:26:19
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-3440

Summary

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 5

Application

  • Todd Miller Sudo 1.7.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=844442

Related Patches

Red Hat 2012:1149-01 RHSA Moderate: sudo security and bug fix update for RHEL 5 x86

Red Hat 2012:1149-01 RHSA Moderate: sudo security and bug fix update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:55:02