Vulnerability in Openvswitch

CVE-2012-3449

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.

EPSS: 0.000 (14.2th percentile) — read the EPSS interpretation.

Affected products

Openvswitch — versions 1.4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

54789 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_MISC)
54794 (vdb-entry, x_refsource_BID)
[oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449) (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
openvswitch-privilege-escalation(77417) (vdb-entry, x_refsource_XF)
[oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449) (mailing-list, x_refsource_MLIST)