Published: 20/12/2012 Updated: 11/04/2013
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

Vulnerable Product

ovirt sanlock -

Vendor Advisories

Synopsis: Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat Storage 2.0 packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this ...
Debian Bug report logs - #696424 sanlock: CVE-2012-5638. Package: sanlock; Maintainer for sanlock is Debian QA Group <packages@qa.debian.org>; Source for sanlock is src:sanlock. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 20 Dec 2012 16:15:01 UTC. Severity: grave. Tags: patch, secur ...