Vulnerability Description
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
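The bug class described above, as an added example that is not code from the Fabric project: a predictable /tmp/fab.*.tar style name written with plain open() beside two hardened variants (O_CREAT|O_EXCL creation on a fixed name, and tempfile.mkstemp), run in a private directory that stands in for /tmp. Function names and the fab.demo.tar file name are this example's own assumptions.

```python
import os
import tempfile

def unsafe_write(path: str, data: bytes) -> None:
    # Vulnerable pattern: a predictable name such as /tmp/fab.<name>.tar opened
    # with plain open(), which silently follows a symlink already at that path.
    with open(path, "wb") as fh:
        fh.write(data)

def exclusive_write(path: str, data: bytes) -> bool:
    # Hardened pattern for a fixed name: O_CREAT|O_EXCL fails if anything (file
    # or symlink) already exists there. Returns False instead of clobbering.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return True

def mkstemp_write(tmpdir: str, data: bytes) -> str:
    # Preferred pattern: mkstemp picks an unguessable name, creates it with
    # O_EXCL and mode 0600 and returns an fd, so a planted symlink is never followed.
    fd, path = tempfile.mkstemp(prefix="fab.", suffix=".tar", dir=tmpdir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo() -> dict:
    # Constructed scenario in a private directory standing in for /tmp: a
    # victim file and a symlink planted at the predictable name fab.demo.tar.
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        planted = os.path.join(d, "fab.demo.tar")
        with open(victim, "wb") as fh:
            fh.write(b"original")
        os.symlink(victim, planted)
        unsafe_write(planted, b"archive")
        with open(victim, "rb") as fh:
            unsafe_clobbered = fh.read() == b"archive"
        with open(victim, "wb") as fh:  # restore the victim's contents
            fh.write(b"original")
        created = exclusive_write(planted, b"archive")
        with open(victim, "rb") as fh:
            exclusive_clobbered = fh.read() == b"archive"
        safe_path = mkstemp_write(d, b"archive")
        return {"unsafe_clobbered": unsafe_clobbered, "exclusive_created": created,
                "exclusive_clobbered": exclusive_clobbered,
                "mkstemp_distinct": safe_path != planted and os.path.isfile(safe_path)}
```

demo() returns True for unsafe_clobbered (the symlink target was overwritten) and False for exclusive_created and exclusive_clobbered (the exclusive open refused the planted path).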
CVSS Score
4.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fabfile | Fabric | <= 1.0.2 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629003
- http://code.fabfile.org/projects/fabric/files/Fabric-1.1.0.tar.gz (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062534.html
- http://www.openwall.com/lists/oss-security/2011/06/03/5
- http://www.openwall.com/lists/oss-security/2011/06/06/12
- https://bugzilla.redhat.com/show_bug.cgi?id=710462
FAQ
What is CVE-2011-2185?
CVE-2011-2185 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
How severe is CVE-2011-2185?
CVE-2011-2185 has been rated MEDIUM with a CVSS base score of 4.4/10. See the CVSS Score section above for the rating.
Is there a patch for CVE-2011-2185?
Check the references section above for vendor advisories and patch information. Affected products include: Fabfile Fabric <= 1.0.2; the issue is fixed in Fabric 1.1.0.