[原文]apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
Red Hat Linux Apmd apmscript Symlink Arbitrary File Creation
Local Access Required
Denial of Service
Loss of Availability
Red Hat APMD Power Management Package contains a flaw that may allow a Local denial of service. The issue can be triggered by a local user by creating a symlink under certain conditions for /etc/sysconfig/apm-scripts/apmscript script which will result in loss of availability as the user with root privileges can change the file timestamps on other files.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.