Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2905

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-2905
Last Modified 05 May 2014 10:38:37
Published 02 May 2014 10:55:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2905

Summary

fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.

Vulnerable Systems

Application

  • Fishshell Fish 1.16.0

  • Fishshell Fish 2.0.0


References

CONFIRM - https://github.com/fish-shell/fish-shell/issues/1436

MLIST - [oss-security] 20140428 Upcoming security release of fish 2.1.1


Last Updated: 27 May 2016 11:05:11