CVE-2012-4417: Insecure Temporary File in Glusterfs

Severity: 3.6 LOW (NVD)
EPSS: 0.1% (top 64.41%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 18
Latest update: May 17

Description

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

CVSS vector

AV:L/AC:L/C:N/I:P/A:P
Exploitability: 3.9 | Impact: 4.9

Affected Packages (2 packages)

Debian: gluster/glusterfs < 3.2.7-5+3

🔴 Vulnerability Details (3)

GHSA: GHSA-f7v9-7368-5x59: GlusterFS 3 (2022-05-17)
OSV: CVE-2012-4417: GlusterFS 3 (2012-11-18)
CVEList: CVE-2012-4417: GlusterFS 3 (2012-11-18)

📋 Vendor Advisories (3)

Red Hat: GlusterFS: insecure temporary file creation (2013-03-28)
Red Hat: GlusterFS: insecure temporary file creation (2012-11-12)
Debian: CVE-2012-4417: glusterfs - GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to ov... (2012)

💬 Community (4)

Bugzilla: CVE-2012-5635 GlusterFS: insecure temporary file creation (2012-12-12)
Bugzilla: CVE-2012-4417 GlusterFS: insecure temporary file creation [fedora-all] (2012-11-12)
Bugzilla: CVE-2012-4417 GlusterFS: insecure temporary file creation [epel-all] (2012-11-12)
Bugzilla: CVE-2012-4417 GlusterFS: insecure temporary file creation (2012-09-11)