PT-2013-5036 · Openwrt+2 · Luci+2

Jan Pokorný +1 · Published 2013-11-20 · Updated 2019-04-22 · CVE-2013-4481

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Luci version 0.26.0

Description

Luci creates the /var/lib/luci/etc/luci.ini file with world-readable permissions and restricts them only afterwards, which is a race condition. During that window, local users can read the file and obtain sensitive information, including authentication secrets.

Recommendations

For Luci version 0.26.0, consider restricting access to the /var/lib/luci/etc/luci.ini file until a patch is available. As a temporary workaround, manually change the permissions of the luci.ini file to prevent unauthorized access.
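
The create-then-restrict pattern from the description, beside a creation path that never exposes the file and a permission check for the workaround. This is an added example, not Luci's code or its actual fix; the function names, the 022 umask and the sample secret are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def write_racy(path, data):
    """Pattern from the description: create first, restrict afterwards."""
    old = os.umask(0o022)            # assumed typical daemon umask
    try:
        with open(path, "w") as fh:  # file now exists as 0644
            fh.write(data)
        mode_in_window = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, 0o600)        # restriction arrives after the exposure
    finally:
        os.umask(old)
    return mode_in_window

def write_private(path, data):
    """Create the file already restricted, then rename it into place."""
    directory = os.path.dirname(path) or "."
    # mkstemp creates the file readable and writable by the owner only (0600)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".luci.ini.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(data)
        os.replace(tmp, path)        # atomic on POSIX; no looser mode is ever visible
    except BaseException:
        os.unlink(tmp)
        raise
    return stat.S_IMODE(os.stat(path).st_mode)

def readable_by_others(path):
    """Audit check for the workaround: True if group or other can read."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def demo():
    with tempfile.TemporaryDirectory() as d:
        racy = os.path.join(d, "racy.ini")
        safe = os.path.join(d, "safe.ini")
        secret = "[app]\nauth_secret = CONSTRUCTED-SAMPLE\n"  # constructed sample
        window_mode = write_racy(racy, secret)
        final_mode = write_private(safe, secret)
        return window_mode, final_mode, readable_by_others(racy), readable_by_others(safe)

if __name__ == "__main__":
    w, f, r, s = demo()
    print(oct(w), oct(f), r, s)
```

`readable_by_others` can be pointed at the deployed luci.ini after applying the manual permission change to confirm that group and other read bits are cleared.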

Fix

Race Condition

Weakness Enumeration

Related identifiers

CESA-2013_1603
CVE-2013-4481
RHSA-2013:1603
RHSA-2013_1603

Affected products

Centos
Luci
Red Hat