Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0164

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2013-0164
Last Modified 25 Feb 2013 12:00:00
Published 24 Feb 2013 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2013-0164

Summary

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Vulnerable Systems

Application

  • Redhat Openshift 1.0

  • Redhat Openshift Origin 1.0.5


References

CONFIRM - https://github.com/openshift/origin-server/pull/1136

CONFIRM - https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=893307

REDHAT - RHSA-2013:0220


Last Updated: 27 May 2016 11:01:57