CVE-2014-3219

Name of the Vulnerable Software and Affected Versions fish versions prior to 2.1.1

Description The issue allows local users to write to arbitrary files via a symlink attack on several temporary files, including /tmp/fishd.log.%s, /tmp/.pac-cache.$USER, /tmp/.yum-cache.$USER, or /tmp/.rpm-cache.$USER.

Recommendations For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files /tmp/fishd.log.%s, /tmp/.pac-cache.$USER, /tmp/.yum-cache.$USER, and /tmp/.rpm-cache.$USER to minimize the risk of exploitation.