Veracode Vulnerability DatabaseVERACODE:11009Arbitrary File Overwrite
5.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:C/A:C
sudo is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as a certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
References
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/54868
access.redhat.com/errata/RHSA-2012:1149
access.redhat.com/security/cve/CVE-2012-3440
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=842759
bugzilla.redhat.com/show_bug.cgi?id=844420
bugzilla.redhat.com/show_bug.cgi?id=844442
bugzilla.redhat.com/show_bug.cgi?id=844978
rhn.redhat.com/errata/RHSA-2012-0309.html
rhn.redhat.com/errata/RHSA-2012-1149.html
Related
5.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:C/A:C