First published: Wed Dec 21 2011(Updated: )
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Selinux | <1\:0.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.