Symlink Attack

2020-04-1000:36:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

10.1%

JSON

fence is vulnerable to symlink attack. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack.

CPENameOperatorVersion
cmaneq2.0.73__1.el5_1.5
cmaneq2.0.73__1.el5_1.1
cmaneq2.0.64__1.0.1.el5
cmaneq2.0.60__1.el5
cmaneq2.0.84__2.el5_2.1
cmaneq2.0.98__1.el5_3.1
cmaneq2.0.62__1.el5
cmaneq2.0.84__2.el5_2.3
cmaneq2.0.64__1.el5
cmaneq2.0.98__1.el5

Name	Operator	Version
cman	eq	2.0.73__1.el5_1.5
cman	eq	2.0.73__1.el5_1.1
cman	eq	2.0.64__1.0.1.el5
cman	eq	2.0.60__1.el5
cman	eq	2.0.84__2.el5_2.1
cman	eq	2.0.98__1.el5_3.1
cman	eq	2.0.62__1.el5
cman	eq	2.0.84__2.el5_2.3
cman	eq	2.0.64__1.el5
cman	eq	2.0.98__1.el5