CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Details Source

Mitre

Public Date

2012-11-12 00:00:00

Impact

Low

Bugzilla

CVE-2012-4417 GlusterFS: insecure temporary file creation

Bugzilla ID

856341

CVSS Status

verified

Base Score

2.10

Base Metrics

AV:L/AC:L/Au:N/C:N/I:P/A:N

Acknowledgements

These issues were discovered by Kurt Seifried of Red Hat, and Jim Meyering.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Storage Native Client for Red Hat Enterprise Linux 6 (glusterfs) | RHSA-2012:1456 | 2012-11-12 |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 5 (glusterfs) | RHSA-2012:1456 | 2012-11-12 |
| Red Hat Storage Server 2.0 (glusterfs) | RHSA-2012:1456 | 2012-11-12 |

CWE

CWE-377