CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.
Vendor | Product | Version | CPE |
---|---|---|---|
rpath | initscripts | 8.12-8.21 | cpe:2.3:a:rpath:initscripts:8.12-8.21:*:*:*:*:*:*:* |
rpath | initscripts | 8.56.15-0.1 | cpe:2.3:a:rpath:initscripts:8.56.15-0.1:*:*:*:*:*:*:* |
rpath | appliance_platform_linux_service | 1 | cpe:2.3:o:rpath:appliance_platform_linux_service:1:*:*:*:*:*:*:* |
rpath | appliance_platform_linux_service | 2 | cpe:2.3:o:rpath:appliance_platform_linux_service:2:*:*:*:*:*:*:* |
rpath | linux | 1 | cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:* |
rpath | linux | 2 | cpe:2.3:o:rpath:linux:2:*:*:*:*:*:*:* |