CentOS ProjectCESA-2005:583-01dump, rmt security update
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%
CentOS Errata and Security Advisory CESA-2005:583-01
Dump examines files in a file system, determines which ones need to be
backed up, and copies those files to a specified disk, tape, or other
storage medium.
A flaw was found with dump file locking. A malicious local user could
manipulate the file lock in such a way as to prevent dump from running.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2002-1914 to this issue.
Users of dump should upgrade to these erratum packages, which contain a
patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-August/074167.html
Affected packages:
dump
rmt
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 2 | i386 | dump | < 0.4b25-1.72.2 | dump-0.4b25-1.72.2.i386.rpm |
| CentOS | 2 | i386 | rmt | < 0.4b25-1.72.2 | rmt-0.4b25-1.72.2.i386.rpm |
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
5.1%