CVE-2012-5635
CVE-2012-5635 is a vulnerability of currently unknown severity. The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gluster | Glusterfs | All versions |
| Redhat | Storage Management Console | 2.0 |
| Redhat | Storage Native Client | All versions |
| Redhat | Storage Server | 2.0 |
References
- http://rhn.redhat.com/errata/RHSA-2013-0691.html (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=886364 (Vendor Advisory)
Source: NVD / NIST
