PT-2012-4722 · Open Networking Foundation · Openvswitch

Andreas Beckmann

Published

2012-08-07

Updated

2024-06-15

CVE-2012-3449

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open vSwitch version 1.4.2

Description The issue allows local users to delete and overwrite arbitrary files due to world-writable permissions for certain directories. Specifically, the directories /var/lib/openvswitch/pki/controllerca/incoming/ and /var/lib/openvswitch/pki/switchca/incoming/ have insecure permissions.

Recommendations For Open vSwitch version 1.4.2, consider changing the permissions of the /var/lib/openvswitch/pki/controllerca/incoming/ and /var/lib/openvswitch/pki/switchca/incoming/ directories to prevent world-writable access, thereby restricting the ability of local users to delete or overwrite files in these directories.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-3449

OPENSUSE-SU-2024:10150-1

OPENSUSE-SU-2024:12037-1

Affected Products

Openvswitch

PT-2012-4722 · Open Networking Foundation · Openvswitch

CVE-2012-3449

Weakness Enumeration

Related Identifiers

Affected Products

References · 13