The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.
Max CVSS
3.6
EPSS Score
0.04%
Published
2012-12-20
Updated
2013-04-11
1 vulnerabilities found