Lucene search

IbmCVE-2012-3329

HistoryDec 19, 2012 - 11:55 a.m.

CVE-2012-3329

2012-12-1911:55:54

CWE-59

ibm

web.nvd.nist.gov

ibm

asu

bomc

linux

symlink attack

file overwrite

security vulnerability

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

Affected configurations

Nvd

Node

ibmadvanced_settings_utilityMatch3.62

ibmadvanced_settings_utilityMatch3.70

ibmadvanced_settings_utilityMatch9.21

ibmbootable_media_creatorMatch2.30

ibmbootable_media_creatorMatch3.00

ibmbootable_media_creatorMatch9.21

AND

linuxlinux_kernel

VendorProductVersionCPE
ibmadvanced_settings_utility3.62cpe:2.3:a:ibm:advanced_settings_utility:3.62:*:*:*:*:*:*:*
ibmadvanced_settings_utility3.70cpe:2.3:a:ibm:advanced_settings_utility:3.70:*:*:*:*:*:*:*
ibmadvanced_settings_utility9.21cpe:2.3:a:ibm:advanced_settings_utility:9.21:*:*:*:*:*:*:*
ibmbootable_media_creator2.30cpe:2.3:a:ibm:bootable_media_creator:2.30:*:*:*:*:*:*:*
ibmbootable_media_creator3.00cpe:2.3:a:ibm:bootable_media_creator:3.00:*:*:*:*:*:*:*
ibmbootable_media_creator9.21cpe:2.3:a:ibm:bootable_media_creator:9.21:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	advanced_settings_utility	3.62	cpe:2.3:a:ibm:advanced_settings_utility:3.62:::::::*
ibm	advanced_settings_utility	3.70	cpe:2.3:a:ibm:advanced_settings_utility:3.70:::::::*
ibm	advanced_settings_utility	9.21	cpe:2.3:a:ibm:advanced_settings_utility:9.21:::::::*
ibm	bootable_media_creator	2.30	cpe:2.3:a:ibm:bootable_media_creator:2.30:::::::*
ibm	bootable_media_creator	3.00	cpe:2.3:a:ibm:bootable_media_creator:3.00:::::::*
ibm	bootable_media_creator	9.21	cpe:2.3:a:ibm:bootable_media_creator:9.21:::::::*
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090

exchange.xforce.ibmcloud.com/vulnerabilities/78044

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-3329