CVE-2012-5638

Impact:
Low
Public Date:
2012-08-22
Bugzilla:
887010: CVE-2012-5638 sanlock world writable /var/log/sanlock.log

The MITRE CVE dictionary describes this issue as:

The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.

Find out more about CVE-2012-5638 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:N/I:N/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Storage 2.0 Console RHSA-2013:0691 2013-03-28
RHEV Agents (vdsm) (sanlock) RHBA-2012:1507 2012-12-04
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 (glusterfs) RHSA-2013:0691 2013-03-28
Red Hat Storage Native Client for Red Hat Enterprise Linux 5 (glusterfs) RHSA-2013:0691 2013-03-28
Red Hat Storage Server 2.0 (sanlock) RHSA-2013:0691 2013-03-28

Acknowledgements

This issue was discovered by Red Hat.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.