Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2012-5635

Published: 09/04/2013 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Storage Native Client

Vulnerability Summary

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat storage native client -

redhat storage server 2.0

redhat storage management console 2.0

gluster glusterfs -

Vendor Advisories

Red Hat: Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
Synopsis Important: Red Hat Storage 20 security, bug fix, and enhancement update #4 Type/Severity Security Advisory: Important Topic Updated Red Hat Storage 20 packages that fix multiple security issues,several bugs, and add enhancements are now availableThe Red Hat Security Response Team has rated this ...
Debian CVElist Bug Report Logs: glusterfs: cve-2012-5635
Debian Bug report logs - #704944 glusterfs: cve-2012-5635 Package: src:glusterfs; Maintainer for src:glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Mon, 8 Apr 2013 02:06:02 UTC Severity: important Fixed in version glusterfs/350-1 Done: Patrick Matt ...
Debian CVElist Bug Report Logs: glusterfs: Several security vulnerabilities
Debian Bug report logs - #912997 glusterfs: Several security vulnerabilities Package: glusterfs; Maintainer for glusterfs is Patrick Matthäi <pmatthaei@debianorg>; Reported by: Markus Koschany <apo@debianorg> Date: Mon, 5 Nov 2018 18:12:01 UTC Severity: grave Tags: security Found in version 414-1 Fixed in vers ...
Red Hat: CVE-2012-5635
Multiple insecure temporary file creation flaws were found in Red Hat Storage A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack ...

References

CWE-264http://rhn.redhat.com/errata/RHSA-2013-0691.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=886364https://access.redhat.com/errata/RHSA-2013:0691https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2012-5635
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook