Vulnerability CVE-2014-3219


Published: 2018-02-09

Description:
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

Vendor: Fishshell
Product: FISH 
Version: 2.0.0; 1.16.0;
Vendor: Fedoraproject
Product: Fedora 
Version: 19;

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
6.4/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html
http://security.gentoo.org/glsa/glsa-201412-49.xml
http://www.openwall.com/lists/oss-security/2014/05/06/3
http://www.openwall.com/lists/oss-security/2014/09/28/8
http://www.securityfocus.com/bid/67115
https://bugzilla.redhat.com/show_bug.cgi?id=1092091
https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce
https://github.com/fish-shell/fish-shell/issues/1440

Related CVE
CVE-2018-16883
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to l...
CVE-2018-19591
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modific...
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective ...

Copyright 2019, cxsecurity.com

 

Back to Top