3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Issue Overview:
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
Affected Packages:
iproute
Issue Correction:
Run yum update iproute to update your system.
New Packages:
i686:
iproute-doc-3.2.0-3.7.amzn1.i686
iproute-devel-3.2.0-3.7.amzn1.i686
iproute-3.2.0-3.7.amzn1.i686
iproute-debuginfo-3.2.0-3.7.amzn1.i686
src:
iproute-3.2.0-3.7.amzn1.src
x86_64:
iproute-doc-3.2.0-3.7.amzn1.x86_64
iproute-devel-3.2.0-3.7.amzn1.x86_64
iproute-debuginfo-3.2.0-3.7.amzn1.x86_64
iproute-3.2.0-3.7.amzn1.x86_64
Red Hat: CVE-2012-1088
Mitre: CVE-2012-1088
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | iproute-doc | < 3.2.0-3.7.amzn1 | iproute-doc-3.2.0-3.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | iproute-devel | < 3.2.0-3.7.amzn1 | iproute-devel-3.2.0-3.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | iproute | < 3.2.0-3.7.amzn1 | iproute-3.2.0-3.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | iproute-debuginfo | < 3.2.0-3.7.amzn1 | iproute-debuginfo-3.2.0-3.7.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | iproute-doc | < 3.2.0-3.7.amzn1 | iproute-doc-3.2.0-3.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | iproute-devel | < 3.2.0-3.7.amzn1 | iproute-devel-3.2.0-3.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | iproute-debuginfo | < 3.2.0-3.7.amzn1 | iproute-debuginfo-3.2.0-3.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | iproute | < 3.2.0-3.7.amzn1 | iproute-3.2.0-3.7.amzn1.x86_64.rpm |