PT-2011-3671 · Fabric · Fabric
Jan Lieskovsky
·
Publicado
2011-07-27
·
Atualizado
2022-05-17
·
CVE-2011-2185
CVSS v2.0
4.4
Média
| Vetor | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Fabric versions prior to 1.1.0
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on certain files, including
/tmp/fab.*.tar files or other files in the top level of /tmp/.Recommendations
For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the
/tmp/ directory to minimize the risk of exploitation. Avoid using symlinks in the affected directory until the issue is resolved.Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fabric