Lucene search
HistoryAug 08, 2012 - 10:26 a.m.
CVE-2012-3440
red hat
sudo
vulnerability
symlink attack
nvd
cve-2012-3440
5.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
Affected configurations
Node
todd_millersudoMatch1.7.2
ORredhatenterprise_linuxMatch5
| CPE | Name | Operator | Version |
|---|---|---|---|
| todd_miller:sudo | todd miller sudo | eq | 1.7.2 |
| redhat:enterprise_linux | redhat enterprise linux | eq | 5 |
Related
nessus
nessus
RHEL 5 : sudo (RHSA-2012:1149)
2012-08-08 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120808)
2012-08-09 00:00:00
Oracle Linux 5 : sudo (ELSA-2012-1149)
2013-07-12 00:00:00
nvd
nvd
CVE-2012-3440
2012-08-08 10:26:19
openvas
openvas
RedHat Update for sudo RHSA-2012:1149-01
2012-08-09 00:00:00
CentOS Update for sudo CESA-2012:1149 centos5
2012-08-09 00:00:00
Oracle: Security Advisory (ELSA-2012-1149)
2015-10-06 00:00:00
centos
centos
sudo security update
2012-08-07 17:20:02
cvelist
cvelist
CVE-2012-3440
2012-08-08 10:00:00
oraclelinux
oraclelinux
sudo security and bug fix update
2012-08-07 00:00:00
prion
prion
Arbitrary file deletion
2012-08-08 10:26:00
redhat
redhat
(RHSA-2012:1149) Moderate: sudo security and bug fix update
2012-08-07 00:00:00
(RHSA-2012:1185) Moderate: rhev-hypervisor5 security and bug fix update
2012-08-21 00:00:00
ubuntucve
ubuntucve
CVE-2012-3440
2012-08-08 00:00:00
veracode
veracode
Arbitrary File Overwrite
2019-01-15 08:55:30
debiancve
debiancve
CVE-2012-3440
2012-08-08 10:26:19
vmware
vmware
VMware ESX patch address security issues
2013-05-30 00:00:00
VMware ESX third party update for Service Console package sudo
2013-05-30 00:00:00
5.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:C/A:C
6.1 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2012-3440