PT-2014-3214 · Gnu · Gnu Rush

Steve Kemp

Published

2014-05-08

Updated

2014-05-09

CVE-2013-6889

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GNU Rush version 1.7

Description The issue allows local users to read arbitrary files due to improper privilege handling. This is achieved via the --lint option.

Recommendations For GNU Rush version 1.7, consider restricting access to the --lint option until a proper fix is applied to ensure that privileges are dropped correctly.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-6889

Affected Products

Gnu Rush

PT-2014-3214 · Gnu · Gnu Rush

CVE-2013-6889

Weakness Enumeration

Related Identifiers

Affected Products

References · 9