Published: 09/04/2013 Updated: 10/04/2013
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

Vendor Advisories

Synopsis Important: Red Hat Storage 20 security, bug fix, and enhancement update #4 Type/Severity Security Advisory: Important Topic Updated Red Hat Storage 20 packages that fix multiple security issues,several bugs, and add enhancements are now availableThe Red Hat Security Response Team has rated this ...
Debian Bug report logs - #704944 glusterfs: cve-2012-5635 Package: src:glusterfs; Maintainer for src:glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Mon, 8 Apr 2013 02:06:02 UTC Severity: important Fixed in version glusterfs/350-1 Done: Patrick Matt ...
Multiple insecure temporary file creation flaws were found in Red Hat Storage A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack ...
Debian Bug report logs - #912997 glusterfs: Several security vulnerabilities Package: glusterfs; Maintainer for glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Mon, 5 Nov 2018 18:12:01 UTC Severity: grave Tags: security Found in version 414-1 Fixed in vers ...