PT-2013-5036 · Openwrt+2 · Luci+2

Jan Pokorný +1 · Published 2013-11-20 · Updated 2019-04-22 · CVE-2013-4481

CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Luci version 0.26.0

Description

A race condition exists that creates the /var/lib/luci/etc/luci.ini file with world-readable permissions before the permissions are restricted. This allows local users to read the file and obtain sensitive information, including authentication secrets.

Recommendations

For Luci version 0.26.0, consider restricting access to the /var/lib/luci/etc/luci.ini file until a patch is available. As a temporary workaround, manually change the permissions of the luci.ini file to prevent unauthorized access.
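
The create-then-restrict pattern behind this kind of race, shown next to a creation that is restrictive from the first instant. This is an added illustration, not Luci's own code; the file names, the sample contents and the observe callback are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed sample contents standing in for a config file that holds a secret.
SAMPLE = b"[app:main]\nsecret = CONSTRUCTED-SAMPLE-VALUE\n"


def mode_of(path):
    """Return the permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def write_racy(path, data, observe):
    """Create first, restrict afterwards: the file starts with umask-derived bits."""
    with open(path, "wb") as fh:           # created as 0666 & ~umask
        fh.write(data)
    observe(mode_of(path))                  # what any local user sees in the window
    os.chmod(path, 0o600)                   # the restriction arrives after the data


def write_safe(path, data, observe):
    """The restrictive mode is set by the same call that creates the file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        observe(mode_of(path))              # already 0600 before any data is written
        fh.write(data)


def demo():
    """Return (mode seen during the racy write, mode seen during the safe write)."""
    seen = {}
    old_umask = os.umask(0o022)             # common default, pinned for a stable result
    try:
        with tempfile.TemporaryDirectory() as d:
            write_racy(os.path.join(d, "racy.ini"), SAMPLE,
                       lambda m: seen.setdefault("racy", m))
            write_safe(os.path.join(d, "safe.ini"), SAMPLE,
                       lambda m: seen.setdefault("safe", m))
    finally:
        os.umask(old_umask)
    return seen["racy"], seen["safe"]


if __name__ == "__main__":
    for name, mode in zip(("racy", "safe"), demo()):
        print(f"{name}: {mode:04o} world-readable={bool(mode & stat.S_IROTH)}")
```

Because O_EXCL makes the safe variant fail if the path already exists, a file left behind with wider permissions is not silently reused.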

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CESA-2013_1603
CVE-2013-4481
RHSA-2013:1603
RHSA-2013_1603

Affected Products

CentOS
Luci
Red Hat