PT-2013-1819 · Red Hat · Red Hat Server+2
Kurt Seifried
+1
·
Published
2013-04-09
·
Updated
2023-02-13
·
CVE-2012-5635
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat Storage Management Console version 2.0
Red Hat Native Client version 2.0
Red Hat Server version 2.0
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by certain scripts, including tests/volume.rc and extras/hook-scripts/S30samba-stop.sh.
Recommendations
For Red Hat Storage Management Console version 2.0, consider restricting access to the temporary files created by the vulnerable scripts until a fix is available.
For Red Hat Native Client version 2.0, avoid using the vulnerable scripts in a way that could allow a symlink attack.
For Red Hat Server version 2.0, restrict access to the vulnerable temporary files to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Native Client
Red Hat Server
Red Hat Storage Management Console