Vulnerability CVE-2014-3219


Published: 2018-02-09

Description:
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

Vendor: Fishshell
Product: FISH 
Version: 2.0.0; 1.16.0;
Vendor: Fedoraproject
Product: Fedora 
Version: 19;

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
6.4/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html
http://security.gentoo.org/glsa/glsa-201412-49.xml
http://www.openwall.com/lists/oss-security/2014/05/06/3
http://www.openwall.com/lists/oss-security/2014/09/28/8
http://www.securityfocus.com/bid/67115
https://bugzilla.redhat.com/show_bug.cgi?id=1092091
https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce
https://github.com/fish-shell/fish-shell/issues/1440

Related CVE
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective ...
CVE-2018-10852
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo...
CVE-2017-2668
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin...
CVE-2018-10850
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of servi...
CVE-2018-10196
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2018-1111
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network ab...

Copyright 2018, cxsecurity.com

 

Back to Top