CVE-2012-5530
Summary
| CVE | CVE-2012-5530 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-11-29 13:14:00 UTC |
| Updated | 2013-02-26 04:51:00 UTC |
| Description | The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sgi | Performance Co-pilot | 2.1.1 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.10 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.11 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.2 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.3 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.4 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.5 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.6 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.7 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.8 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.9 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.2 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.4 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.5 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.6 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.8 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.1 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.10 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.11 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.2 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.3 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.4 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.5 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.6 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.7 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.8 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.1.9 | All | All | All |
| Application | Sgi | Performance Co-pilot | 2.2 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.4 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.5 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.6 | All | All | All |
| Application | Sgi | Performance Co-pilot | 3.6.8 | All | All | All |
| Application | Sgi | Performance Co-pilot | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 782967 – VUL-0: CVE-2012-5530: pcp: pcmd init script, insecure tmp file handling | CONFIRM | bugzilla.novell.com | |
| [security-announce] SUSE-SU-2013:0190-1: important: Security update for | SUSE | lists.opensuse.org | |
| 875842 – (CVE-2012-5530) CVE-2012-5530 pcp: Insecure temporary file use flaws | CONFIRM | bugzilla.redhat.com | |
| Malformed Request | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.