Описание
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | sanlock | Affected | ||
| Native Client for RHEL 5 for Red Hat Storage | glusterfs | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | appliance | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | augeas | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | glusterfs | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | gluster-swift | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | libvirt | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | rhn-client-tools | Fixed | RHSA-2013:0691 | 28.03.2013 |
| Red Hat Storage 2.0 | sanlock | Fixed | RHSA-2013:0691 | 28.03.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.1 Low
CVSS2
Связанные уязвимости
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
The setup_logging function in log.h in SANLock uses world-writable per ...
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
EPSS
2.1 Low
CVSS2