Lucene search

[email protected]CVE-2013-0261

HistoryMar 08, 2013 - 9:55 p.m.

CVE-2013-0261

2013-03-0821:55:00

CWE-264

[email protected]

web.nvd.nist.gov

packstack

installer

vulnerability

symlink attack

file overwrite

nvd

cve-2013-0261

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

CPENameOperatorVersion
openstack:essexopenstack essexeq-
openstack:folsomopenstack folsomeq-

CPE	Name	Operator	Version
openstack:essex	openstack essex	eq	-
openstack:folsom	openstack folsom	eq	-

References

rhn.redhat.com/errata/RHSA-2013-0595.html

bugzilla.redhat.com/show_bug.cgi?id=908101

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-0261

prion1 cvelist1 redhat1