Описание
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kexec-tools | Not affected | ||
| Red Hat Enterprise Linux 6 | kexec-tools | Not affected | ||
| Red Hat Enterprise Linux 7 | kexec-tools | Fixed | RHSA-2015:0986 | 12.05.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.6 Low
CVSS2
Связанные уязвимости
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
The Red Hat module-setup.sh script for kexec-tools, as distributed in ...
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
ELSA-2015-0986: kexec-tools security, bug fix, and enhancement update (MODERATE)
EPSS
3.6 Low
CVSS2