Описание
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
A flaw was found in swtpm. This flaw allows an attacker to create a symbolic link with the name of the temporary file (TMP2-00.permall for TPM 2) and have this point to a valuable file, which will get overwritten by swtpm. The success of the attack depends on the attacker having access to the TPM's state directory (--tpmstate dir). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/swtpm | Will not fix | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/swtpm | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/swtpm | Not affected | ||
| Red Hat Enterprise Linux 9 | swtpm | Not affected |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be ...
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
7.3 High
CVSS3