CVE-2012-3449

Description

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.

How to fix CVE-2012-3449

To remediate CVE-2012-3449, upgrade the affected package to a fixed version below.

• Debian/openvswitch—upgrade to 1.4.2+git20120612-8 or later

Is CVE-2012-3449 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.4.2+git20120612-8

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3449