Candidate: CVE-2012-5638
PublicDate: 2012-12-20 12:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5638
 https://bugzilla.redhat.com/show_bug.cgi?id=887010
Description:
 The setup_logging function in log.h in SANLock uses world-writable
 permissions for /var/log/sanlock.log, which allows local users to overwrite
 the file content or bypass intended disk-quota restrictions via standard
 filesystem write operations.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_sanlock:
upstream_sanlock: released (2.2-2)
hardy_sanlock: DNE
lucid_sanlock: DNE
oneiric_sanlock: DNE
precise_sanlock: DNE
precise/esm_sanlock: DNE
quantal_sanlock: ignored (reached end-of-life)
raring_sanlock: ignored (reached end-of-life)
saucy_sanlock: ignored (reached end-of-life)
trusty_sanlock: not-affected (2.2-2)
trusty/esm_sanlock: DNE (trusty was not-affected [2.2-2])
utopic_sanlock: ignored (reached end-of-life)
vivid_sanlock: ignored (reached end-of-life)
vivid/stable-phone-overlay_sanlock: DNE
vivid/ubuntu-core_sanlock: DNE
wily_sanlock: ignored (reached end-of-life)
xenial_sanlock: not-affected (2.2-2)
yakkety_sanlock: ignored (reached end-of-life)
zesty_sanlock: ignored (reached end-of-life)
artful_sanlock: ignored (reached end-of-life)
bionic_sanlock: not-affected (2.2-2)
cosmic_sanlock: not-affected (2.2-2)
devel_sanlock: not-affected (2.2-2)