Vulnerability Description
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift | <= 1.0 |
| Redhat | Openshift Origin | 1.0.5 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0220.html
- https://bugzilla.redhat.com/show_bug.cgi?id=893307
- https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76
- https://github.com/openshift/origin-server/pull/1136
FAQ
What is CVE-2013-0164?
CVE-2013-0164 is a vulnerability with a CVSS score of 3.6 (LOW). The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a ...
How severe is CVE-2013-0164?
CVE-2013-0164 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0164?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift, Redhat Openshift Origin.