setroubleshoot is vulnerable to arbitrary file overwrite. A flaw was found in the way sealert wrote diagnostic messages to a temporary file. A local unprivileged user could perform a symbolic link attack and cause arbitrary files, writable by other users, to be overwritten when a victim runs sealert.
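The flawed temporary-file pattern described above next to two hardened alternatives, as an added Python example (not setroubleshoot's code or the vendor's fix). The function names, file names and file contents are hypothetical, and the constructed scenario runs entirely inside a private scratch directory.

```python
import os
import stat
import tempfile

def write_predictable(path, text):
    # Flawed pattern: open() on a guessable name follows a symlink already at that path.
    with open(path, "w") as fh:
        fh.write(text)

def write_exclusive(path, text):
    # Fixed name, but O_EXCL fails if anything (including a symlink) already exists there.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def write_mkstemp(text, directory=None):
    # Preferred: unpredictable name, created exclusively with mode 0600.
    fd, path = tempfile.mkstemp(prefix="report-", suffix=".txt", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path

def _read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario: a link sits at the predictable path before the report is written.
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim_notes.txt")  # hypothetical file
        with open(victim, "w") as fh:
            fh.write("important data\n")
        fixed = os.path.join(scratch, "report.tmp")  # hypothetical predictable name
        os.symlink(victim, fixed)
        result = {}
        try:
            write_exclusive(fixed, "diagnostic\n")
            result["exclusive_refused"] = False
        except OSError:
            result["exclusive_refused"] = True
        result["intact_after_exclusive"] = _read(victim) == "important data\n"
        safe = write_mkstemp("diagnostic\n", scratch)
        result["mkstemp_mode"] = stat.S_IMODE(os.stat(safe).st_mode)
        result["intact_after_mkstemp"] = _read(victim) == "important data\n"
        write_predictable(fixed, "diagnostic\n")  # flawed writer goes last
        result["overwritten_by_predictable"] = _read(victim) == "diagnostic\n"
        return result

if __name__ == "__main__":
    print(demo())
```

Only the predictable-name writer alters the linked file; the exclusive open is refused and `mkstemp` writes to a fresh file readable only by its owner.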
CPE

Name | Operator | Version
---|---|---
setroubleshoot | eq | 1.8.11__4.el5
secunia.com/advisories/30339
securitytracker.com/id?1020077
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0061.html
www.securityfocus.com/bid/29320
access.redhat.com/errata/RHSA-2008:0061
bugzilla.redhat.com/show_bug.cgi?id=288221
exchange.xforce.ibmcloud.com/vulnerabilities/42591
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705