Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2012-5638

Published: 20/12/2012 Updated: 11/04/2013
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Ovirt

Vulnerability Summary

The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

Vulnerable Product Search on Vulmon Subscribe to Product

ovirt sanlock -

Vendor Advisories

Red Hat: Important: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
Synopsis Important: Red Hat Storage 20 security, bug fix, and enhancement update #4 Type/Severity Security Advisory: Important Topic Updated Red Hat Storage 20 packages that fix multiple security issues,several bugs, and add enhancements are now availableThe Red Hat Security Response Team has rated this ...
Debian CVElist Bug Report Logs: sanlock: CVE-2012-5638
Debian Bug report logs - #696424 sanlock: CVE-2012-5638 Package: sanlock; Maintainer for sanlock is Debian QA Group <packages@qadebianorg>; Source for sanlock is src:sanlock (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 20 Dec 2012 16:15:01 UTC Severity: grave Tags: patch, secur ...

References

CWE-264https://bugzilla.redhat.com/show_bug.cgi?id=887010http://rhn.redhat.com/errata/RHSA-2013-0691.htmlhttps://access.redhat.com/errata/RHSA-2013:0691https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook