Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5638

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2012-5638
Last Modified 10 Apr 2013 11:32:01
Published 20 Dec 2012 07:02:18
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-5638

Summary

The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

Vulnerable Systems

Application

  • Ovirt Sanlock -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=887010

REDHAT - RHSA-2013:0691


Last Updated: 27 May 2016 10:57:38