Sanlock
Monthly
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.