CVE-2012-3440medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
References
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89665 | VMware ESX sudo Package Multiple Vulnerabilities (VMSA-2013-0007) (remote check) | Nessus | Misc. | high |
| 68595 | Oracle Linux 5 : sudo (ELSA-2012-1149) | Nessus | Oracle Linux Local Security Checks | medium |
| 66723 | VMSA-2013-0007 : VMware ESX third-party update for Service Console package sudo | Nessus | VMware ESX Local Security Checks | high |
| 61456 | Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120808) | Nessus | Scientific Linux Local Security Checks | medium |
| 61452 | RHEL 5 : sudo (RHSA-2012:1149) | Nessus | Red Hat Local Security Checks | medium |
| 61450 | CentOS 5 : sudo (CESA-2012:1149) | Nessus | CentOS Local Security Checks | medium |