PT-2014-2917 · Secunia+1 · Secunia Csi Agent+1

Published

2014-01-26

Updated

2018-12-13

CVE-2013-5364

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Secunia CSI Agent versions 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, 7.0.0.21 and earlier

Description The issue allows local users to modify the configuration of the CSI Agent by changing the permissions of the /etc/csia config.xml file, which has world-readable and world-writable permissions when running on Red Hat Linux.

Recommendations For versions 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, consider changing the permissions of the /etc/csia config.xml file to prevent local users from modifying the CSI Agent configuration. Restrict write access to the /etc/csia config.xml file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-5364

Affected Products

Red Hat

Secunia Csi Agent

PT-2014-2917 · Secunia+1 · Secunia Csi Agent+1

CVE-2013-5364

Weakness Enumeration

Related Identifiers

Affected Products

References · 6