CVE-2012-3329

low

Published 2012-12-19 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.3

VIR risk

3.3

Description

IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090

OS impact

OS	Version	Status	Fixed in
linux-kernel		not-affected

Application impact

Vendor	Product	Versions
ibm	advanced_settings_utility	`3.62`
ibm	advanced_settings_utility	`3.70`
ibm	advanced_settings_utility	`9.21`
ibm	bootable_media_creator	`2.30`
ibm	bootable_media_creator	`3.00`
ibm	bootable_media_creator	`9.21`

References

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090
https://exchange.xforce.ibmcloud.com/vulnerabilities/78044
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090
https://exchange.xforce.ibmcloud.com/vulnerabilities/78044

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.