CVE-2012-5635 — Insecure Temporary File in Redhat Storage Management Console

CWE-377 — Insecure Temporary File7 documents7 sources

Severity

2.1LOWNVD

CNA3.6OSV3.6

EPSS

0.1%

top 81.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gluster Glusterfs Redhat Storage Management Console Redhat Storage Server

Timeline

PublishedApr 9

Latest updateMay 17

Description

The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/storage_management_console2.0

▶NVDredhat/storage_server2.0

▶Debiangluster/glusterfs< 3.5.0-1+3

🔴Vulnerability Details

GHSA

GHSA-w74w-4wpp-3vmm: The GlusterFS functionality in Red Hat Storage Management Console 2↗2022-05-17

▶

CVEList

CVE-2012-5635: The GlusterFS functionality in Red Hat Storage Management Console 2↗2013-04-09

▶

OSV

CVE-2012-5635: The GlusterFS functionality in Red Hat Storage Management Console 2↗2013-04-09

▶

📋Vendor Advisories

Red Hat

GlusterFS: insecure temporary file creation↗2013-03-28

▶

Debian

CVE-2012-5635: glusterfs - The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Cl...↗2012

▶

💬Community

Bugzilla

CVE-2012-5635 GlusterFS: insecure temporary file creation↗2012-12-12

▶