CVE-2012-3440

2012-08-0810:26:00

Debian Security Bug Tracker

security-tracker.debian.org

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

OSVersionArchitecturePackageVersionFilename
Debian12allsudo< 1.9.13p3-1+deb12u1sudo_1.9.13p3-1+deb12u1_all.deb
Debian11allsudo< 1.9.5p2-3+deb11u1sudo_1.9.5p2-3+deb11u1_all.deb
Debian10allsudo< 1.8.27-1+deb10u3sudo_1.8.27-1+deb10u3_all.deb
Debian999allsudo< 1.9.15p5-3sudo_1.9.15p5-3_all.deb
Debian13allsudo< 1.9.15p5-3sudo_1.9.15p5-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	sudo	< 1.9.13p3-1+deb12u1	sudo_1.9.13p3-1+deb12u1_all.deb
Debian	11	all	sudo	< 1.9.5p2-3+deb11u1	sudo_1.9.5p2-3+deb11u1_all.deb
Debian	10	all	sudo	< 1.8.27-1+deb10u3	sudo_1.8.27-1+deb10u3_all.deb
Debian	999	all	sudo	< 1.9.15p5-3	sudo_1.9.15p5-3_all.deb
Debian	13	all	sudo	< 1.9.15p5-3	sudo_1.9.15p5-3_all.deb