Low: iproute

2012-04-0512:51:00

alas.aws.amazon.com

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Issue Overview:

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

Affected Packages:

iproute

Issue Correction:
Run yum update iproute to update your system.

New Packages:

i686:  
    iproute-doc-3.2.0-3.7.amzn1.i686  
    iproute-devel-3.2.0-3.7.amzn1.i686  
    iproute-3.2.0-3.7.amzn1.i686  
    iproute-debuginfo-3.2.0-3.7.amzn1.i686  
  
src:  
    iproute-3.2.0-3.7.amzn1.src  
  
x86_64:  
    iproute-doc-3.2.0-3.7.amzn1.x86_64  
    iproute-devel-3.2.0-3.7.amzn1.x86_64  
    iproute-debuginfo-3.2.0-3.7.amzn1.x86_64  
    iproute-3.2.0-3.7.amzn1.x86_64

Additional References

Red Hat: CVE-2012-1088

Mitre: CVE-2012-1088

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686iproute-doc< 3.2.0-3.7.amzn1iproute-doc-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux1i686iproute-devel< 3.2.0-3.7.amzn1iproute-devel-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux1i686iproute< 3.2.0-3.7.amzn1iproute-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux1i686iproute-debuginfo< 3.2.0-3.7.amzn1iproute-debuginfo-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux1x86_64iproute-doc< 3.2.0-3.7.amzn1iproute-doc-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux1x86_64iproute-devel< 3.2.0-3.7.amzn1iproute-devel-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux1x86_64iproute-debuginfo< 3.2.0-3.7.amzn1iproute-debuginfo-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux1x86_64iproute< 3.2.0-3.7.amzn1iproute-3.2.0-3.7.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	iproute-doc	< 3.2.0-3.7.amzn1	iproute-doc-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux	1	i686	iproute-devel	< 3.2.0-3.7.amzn1	iproute-devel-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux	1	i686	iproute	< 3.2.0-3.7.amzn1	iproute-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux	1	i686	iproute-debuginfo	< 3.2.0-3.7.amzn1	iproute-debuginfo-3.2.0-3.7.amzn1.i686.rpm
Amazon Linux	1	x86_64	iproute-doc	< 3.2.0-3.7.amzn1	iproute-doc-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	iproute-devel	< 3.2.0-3.7.amzn1	iproute-devel-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	iproute-debuginfo	< 3.2.0-3.7.amzn1	iproute-debuginfo-3.2.0-3.7.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	iproute	< 3.2.0-3.7.amzn1	iproute-3.2.0-3.7.amzn1.x86_64.rpm