CVE-2012-3440 — Link Following in Redhat Enterprise Linux

CWE-59 — Link Following CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition6 documents6 sources

Severity

5.6MEDIUMNVD

EPSS

0.1%

top 73.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Todd Miller Sudo

Timeline

PublishedAug 8

Latest updateMay 17

Description

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

CVSS vector

AV:L/AC:H/C:N/I:C/A:CExploitability: 1.9 | Impact: 9.2

Affected Packages1 packages

▶NVDtodd_miller/sudo1.7.2

Also affects: Enterprise Linux 5

🔴Vulnerability Details

GHSA

GHSA-f2xg-m95q-882q: A certain Red Hat script for sudo 1↗2022-05-17

▶

CVEList

CVE-2012-3440: A certain Red Hat script for sudo 1↗2012-08-08

▶

📋Vendor Advisories

Red Hat

sudo: insecure temporary file use in RPM %postun script↗2012-08-07

▶

Debian

CVE-2012-3440: sudo - A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 all...↗2012

▶

💬Community

Bugzilla

CVE-2012-3440 sudo: insecure temporary file use in RPM %postun script↗2012-07-30

▶