Lucene search

[email protected]CVE-2013-6494

HistoryDec 02, 2014 - 1:59 a.m.

CVE-2013-6494

2014-12-0201:59:00

CWE-17

[email protected]

web.nvd.nist.gov

cve-2013-6494

fedup

fedora

denial of service

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

Affected configurations

NVD

Node

fedup_projectfedupMatch0.9.0

AND

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

CPENameOperatorVersion
fedup_project:fedupfedup project fedupeq0.9.0

CPE	Name	Operator	Version
fedup_project:fedup	fedup project fedup	eq	0.9.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-November/141698.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/142698.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/142933.html

www.securityfocus.com/bid/70874

bugzilla.redhat.com/show_bug.cgi?id=1066679

github.com/wgwoods/fedup/issues/44

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-6494

nessus3 openvas2 fedora3 prion1 cvelist1 nvd1