CVE-2011-2185

Published Jul 27, 2011

Last updated 14 years ago

CVSS info 4.4

Overview

Description: Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C440DE73-C7F6-4FCA-B24D-D45F9EE8023F",
            "versionEndIncluding": "1.0.2"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A2FFC1C-0B1A-4AE8-974D-DE5CB9226E41"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40DA9F7C-A93C-43B3-8478-FAEA99A129F4"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D38CB770-4B18-479E-ABE3-48BB3940C118"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FBF3792-2BC0-4D23-8FCF-D8279AFF62CA"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AB51AAC-727E-4AE0-A36A-689B780A2EDD"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62819DA4-9DD9-42AB-AA66-50BC227A7278"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45FC8473-838B-4317-9A28-0D047E717E4B"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:0.9.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "549B0C6D-E02D-4B29-A13A-DE7D2D8FCCDD"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23EA45BD-BC09-4B0E-85D3-CA4E5EA556B9"
          },
          {
            "criteria": "cpe:2.3:a:fabfile:fabric:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5BD51A7-4DA0-4DE2-B529-1C4B4672B27A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References