2.1
CVSSv2

CVE-2012-5635

Published: 09/04/2013 Updated: 10/04/2013
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

Vulnerable Product Search on Vulmon Subscribe to Product

gluster glusterfs -

redhat storage management console 2.0

redhat storage native client -

redhat storage server 2.0

Vendor Advisories

Debian Bug report logs - #704944 glusterfs: cve-2012-5635 Package: src:glusterfs; Maintainer for src:glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Mon, 8 Apr 2013 02:06:02 UTC Severity: important Fixed in version glusterfs/350-1 Done: Patrick Matt ...
Synopsis Important: Red Hat Storage 20 security, bug fix, and enhancement update #4 Type/Severity Security Advisory: Important Topic Updated Red Hat Storage 20 packages that fix multiple security issues,several bugs, and add enhancements are now availableThe Red Hat Security Response Team has rated this ...
Multiple insecure temporary file creation flaws were found in Red Hat Storage A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack ...
Debian Bug report logs - #912997 glusterfs: Several security vulnerabilities Package: glusterfs; Maintainer for glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Mon, 5 Nov 2018 18:12:01 UTC Severity: grave Tags: security Found in version 414-1 Fixed in vers ...