exploitDog

CVE-2012-5644

Published: 28 Mar 2013
Source: redhat
CVSS2: 4.7

Description

libuser has information disclosure when moving user's home directory

Report

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Mitigation

There are several restrictions to successful exploitation of this flaw:

1. ONLY applications compiled with libuser are affected. The affected code is hit only when a move operation is conducted on a user's home directory.
2. The attacker needs to have a shell account on the target machine.
3. Since this is a TOCTOU attack, precise timing is required for the attack. The attacker needs to know exactly when the home directory is moved in order to successfully exploit this flaw.

Any other application acting on user directories that is not compiled with libuser, for example usermod/userdel, is not affected by this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libuser | Will not fix | | |
| Red Hat Enterprise Linux 6 | libuser | Will not fix | | |

Additional information

Status: Low

https://bugzilla.redhat.com/show_bug.cgi?id=885724 libuser: (Complete) Information disclosure when moving user's home directory

4.7 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 6 years ago

libuser has information disclosure when moving user's home directory

CVSS3: 5.5
nvd
about 6 years ago

libuser has information disclosure when moving user's home directory

CVSS3: 5.5
debian
about 6 years ago

libuser has information disclosure when moving user's home directory

CVSS3: 5.5
github
almost 4 years ago

libuser has information disclosure when moving user's home directory
