A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:N/I:C/A:C
Vendors Products
Redhat
  • Enterprise Linux
Todd Miller
  • Sudo

Configuration 1 [-]

OR cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
References
Link Resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/54868
https://bugzilla.redhat.com/show_bug.cgi?id=844442 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-08T10:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3440

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-08-08T10:26:19.220

Modified: 2023-02-13T04:34:22.927

Link: CVE-2012-3440

JSON object: View

cve-icon Redhat Information

No data.

CWE