CVE-2014-3219

EPSS 0.04%
Published 09.02.2018 22:29:00
Last modified 21.11.2024 02:07:42
Source cve@mitre.org
Teams watchlist Login
Open Login

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Fishshell ≫ Fish Version < 2.1.1

Fedoraproject ≫ Fedora Version19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.065

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201412-49.xml

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/05/06/3

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2014/09/28/8

Patch