Published: 20/12/2012 Updated: 11/04/2013
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

Vendor Advisories

Synopsis: Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat Storage 2.0 packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this ...
Debian Bug report logs - #696424 sanlock: CVE-2012-5638. Package: sanlock; Maintainer for sanlock is Debian QA Group <packages@qa.debian.org>; Source for sanlock is src:sanlock. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 20 Dec 2012 16:15:01 UTC. Severity: grave. Tags: patch, secur ...