World-writable permissions in Open vSwitch 1.4.2 allow arbitrary file deletion and overwrite

World-writable permissions in Open vSwitch 1.4.2 allow arbitrary file deletion and overwrite

CVE-2012-3449 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:P

Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.

Learn more about our User Device Pen Test.