CVE-2012-5638
First published: Thu Dec 13 2012(Updated: )
The sanlock server creates the /var/log/sanlock.log world writable allowing any one on the system to wipe the contents of the log file or to store data within the log file (bypassing any quotas applied to their account). The affected code is: src/log.h int setup_logging(void) { int fd, rv; snprintf(logfile_path, PATH_MAX, "%s/%s", SANLK_LOG_DIR, SANLK_LOGFILE_NAME); logfile_fp = fopen(logfile_path, "a+");
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ovirt Sanlock |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-5638
- vendor/ovirt
- canonical/ovirt sanlock