sanlock is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as the setup_logging
function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
rhn.redhat.com/errata/RHSA-2013-0691.html
access.redhat.com/security/cve/CVE-2012-5638
bugzilla.redhat.com/show_bug.cgi?id=840953
bugzilla.redhat.com/show_bug.cgi?id=840955
bugzilla.redhat.com/show_bug.cgi?id=841991
bugzilla.redhat.com/show_bug.cgi?id=841992
bugzilla.redhat.com/show_bug.cgi?id=841994
bugzilla.redhat.com/show_bug.cgi?id=841995
bugzilla.redhat.com/show_bug.cgi?id=849181
bugzilla.redhat.com/show_bug.cgi?id=849183
bugzilla.redhat.com/show_bug.cgi?id=849184
bugzilla.redhat.com/show_bug.cgi?id=849186
bugzilla.redhat.com/show_bug.cgi?id=887010
rhn.redhat.com/errata/RHBA-2012-1505.html
rhn.redhat.com/errata/RHBA-2012-1507.html