PT-2010-5336 · Libosdp+1
Leif Nixon · Published 2010-11-22 · Updated 2020-11-05 · CVE-2010-4173
| CVSS v2.0 | 3.3 (Low) |
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libsdp versions 1.1.104 and earlier
Description
The default configuration of libsdp.conf in libsdp creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log temporary file.
Recommendations
For versions 1.1.104 and earlier, consider changing the default log file location from /tmp to a more secure directory to prevent local users from overwriting arbitrary files. As a temporary workaround, restrict access to the /tmp directory to minimize the risk of exploitation.
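The hardening pattern that defeats both link variants described above, shown as an added example (this is not libsdp's code or its fix): the log is opened with `O_NOFOLLOW` and the opened descriptor is then checked with `fstat`. The function name `open_log_safely` and the default path `example.log` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log file for appending without following a planted link.
 * Returns a file descriptor, or -1 with errno set. */
int open_log_safely(const char *path)
{
    /* O_NOFOLLOW: fail with ELOOP if the last path component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    /* Check the opened object itself (fstat on the fd, not stat on the path):
     * it must be a regular file, owned by us, with no other hard links. */
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "example.log"; /* hypothetical default */
    int fd = open_log_safely(path);
    if (fd < 0) {
        perror(path);
        return 1;
    }
    dprintf(fd, "log opened safely\n");
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` covers only the final path component, so the check complements a log directory that other local users cannot write to and does not replace it.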
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Libosdp