Symlink Vulnerability in PackStack by Red Hat
CVE-2013-0261

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom
Vendor: CVE Published:; 8 March 2013

Summary

The PackStack installation contains a vulnerability where local users can exploit a symlink attack via temporary files located in the /tmp directory. Specifically, files within installer/basedefs.py and modules/ospluginutils.py can be overwritten due to predictable naming, leading to unauthorized file modifications. This flaw poses a significant risk as it can compromise system integrity by allowing an attacker to manipulate critical system files or configurations.

References

http://rhn.redhat.com/errata/RHSA-2013-0595.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=908101

x_refsource_MISC

Timeline

Vulnerability published
Mar 8, 2013
Vulnerability Reserved
Dec 6, 2012